## Example IPv4

`iptables -A INPUT -p udp -m udp --dport 67 -j NFQUEUE --queue-num 67 --queue-bypass`

`iptables -A OUTPUT -p udp -m udp --sport 67 -j NFQUEUE --queue-num 67 --queue-bypass` (optional for accounting)

## Example IPv6

`ip6tables -A INPUT -p udp -m udp --dport 547 -j NFQUEUE --queue-num 67 --queue-bypass`

`ip6tables -A OUTPUT -p udp -m udp --sport 547 -j NFQUEUE --queue-num 67 --queue-bypass` (optional for accounting)
# Configuration

The configuration file may be tuned, but the defaults should be fine.

```
# actions.
# Set to 0 for production.
dryrun=0

# stats file and interval (seconds)
# the stats file will be overwritten every n seconds
# as defined below. The counters are absolute AND
# relative (both included).
stats_file=/var/run/dhcp_protect_status.json
stats_interval=10
```
# Starting / Stopping

# Logging / Accounting

## Syslog

The program will log every blacklisting action to syslog (also in dryrun mode).

```
Oct 23 16:50:18 router dhcp_protect[9706]: 00000000021b: blacklisting started
Oct 23 16:52:18 router dhcp_protect[9706]: 00000000021b: blacklisting ended
```
## Status

DHCP Protect will update its status in `stats_file` every `stats_interval` seconds. This is a JSON file containing the UNIX timestamp when the file was created/updated, absolute and relative (relative to the last update) counters of all the different DHCPv4/DHCPv6 message types, and the current blacklist entries.

For example:

```
root@dhcp:~# cat /var/run/dhcp_protect_status.json | json_pp
{
   "dhcpv4" : {
      "DISCOVER" : {
         "abs" : 2,
         "rel" : 0
      },
      "ACK" : {
         "rel" : 0,
         "abs" : 52
      },
      "REQUEST" : {
         "rel" : 0,
         "abs" : 52
      },
      "OFFER" : {
         "rel" : 0,
         "abs" : 1
      }
   },
   "timestamp" : 1572204894,
   "blacklist" : [],
   "dhcpv6" : {
      "RECONFIGURE-REQUEST" : {
         "abs" : 61,
         "rel" : 0
      },
      "SOLICIT" : {
         "rel" : 0,
         "abs" : 83
      },
      "RELEASE" : {
         "rel" : 0,
         "abs" : 6
      },
      "DECLINE" : {
         "abs" : 61,
         "rel" : 0
      },
      "RENEW" : {
         "rel" : 0,
         "abs" : 22
      },
      "REBIND" : {
         "rel" : 0,
         "abs" : 2
      },
      "RELAY-FORW" : {
         "rel" : 0,
         "abs" : 61
      }
   }
}
```
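As an added example (not part of DHCP Protect itself), a small Python check that reads a status snapshot in the format shown above and flags a stale file, active blacklist entries and per-interval bursts of one message type. The burst threshold, the "two missed intervals means stale" rule and the blacklist entry value in the sample are assumptions; the page only shows an empty blacklist.

```python
"""Check a dhcp_protect status snapshot: freshness, blacklist, bursts."""
import json
import time

# Constructed sample in the layout dhcp_protect writes to stats_file.
# Counter values and the blacklist entry are made up for this example.
SAMPLE_STATUS = """{
  "timestamp": 1572204894,
  "blacklist": ["00000000021b"],
  "dhcpv4": {"DISCOVER": {"abs": 2, "rel": 0}, "ACK": {"abs": 52, "rel": 0}},
  "dhcpv6": {"SOLICIT": {"abs": 83, "rel": 40}, "RENEW": {"abs": 22, "rel": 0}}
}"""


def check_status(text, now, stats_interval=10, rel_threshold=30):
    """Parse one status snapshot and return a dict of findings.

    now            -- current UNIX time (passed in so the check is testable)
    stats_interval -- the stats_interval value from the config file
    rel_threshold  -- assumed max messages of one type per interval
    """
    status = json.loads(text)
    findings = {"stale": False, "blacklisted": [], "bursts": []}

    # The file is rewritten every stats_interval seconds; treat more than
    # two missed intervals as stale (daemon not running or queue not fed).
    age = now - status["timestamp"]
    findings["stale"] = age > 2 * stats_interval

    findings["blacklisted"] = list(status.get("blacklist", []))

    # "rel" counts messages since the previous update, so it is the right
    # counter for spotting a burst (e.g. DISCOVER/SOLICIT) in one interval;
    # "abs" only grows and would need its own baseline.
    for family in ("dhcpv4", "dhcpv6"):
        for msg_type, counters in status.get(family, {}).items():
            if counters.get("rel", 0) > rel_threshold:
                findings["bursts"].append((family, msg_type, counters["rel"]))
    return findings


if __name__ == "__main__":
    # Against the constructed sample the file will always look stale,
    # since its timestamp is fixed; read the real stats_file in practice.
    print(json.dumps(check_status(SAMPLE_STATUS, now=time.time()), indent=2))
```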
# Copyright / License

```
Copyright 2019 Pascal Gloor