Sam Stelfox

Thoughts from a software engineer, systems hacker and Linux gubernāre.


Firewall Adjustments

# Accept DHCP requests
-A INPUT -m udp -p udp --dport 67 --sport 68 -j ACCEPT



# Default lease time information
min-lease-time 300;
max-lease-time 86400;
default-lease-time 86400;

# We are the only DHCP server there should be...

# No updates, might deal with this later
ddns-updates off;
ddns-update-style none;

# Security measures
ignore bootp;
ignore client-updates;
deny declines;
deny duplicates;

# Verify the address is unused before assigning
ping-check true;
ping-timeout 1;

# Logging information
log-facility local1;

# Default DNS servers
option domain-name-servers,;

# Room Mate's network
subnet netmask {
  option routers;
  option broadcast-address;


  # I don't monitor nor care about the devices my room mates
  # put on this subnet. Allow them all.
  allow unknown-clients;
}

# Public network
subnet netmask {
  option routers;
  option broadcast-address;


  # They probably won't be around long... no need to hold onto
  # resources they don't need
  max-lease-time 1800;
  default-lease-time 600;

  # I don't know who will get on this... besides I want to have
  # some fun with strangers...
  allow unknown-clients;
}

# Private/Trusted LAN
subnet netmask {
  option routers;
  option broadcast-address;

  option domain-name "";
  option ntp-servers;
  option time-offset -18000;


  deny unknown-clients;
}

# Include my known clients configurations
include "/etc/dhcp/known-hosts.conf";
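
A small audit of the hardening choices in the configuration above, added here as an example and not part of the original post: it checks that the global security statements are present and reports each subnet's unknown-clients policy. The sample addresses are constructed documentation ranges, and the name audit and the regular expressions are assumptions of this example.

```python
import re

# Global hardening statements used in the configuration above.
REQUIRED_GLOBALS = ("ignore bootp", "ignore client-updates", "deny declines",
                    "deny duplicates", "ping-check true")
# Matches a subnet block with no nested braces (no pool or group inside).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+\S+\s*\{([^}]*)\}")
POLICY_RE = re.compile(r"\b(allow|deny|ignore)\s+unknown-clients\s*;")

# Constructed sample. Addresses are RFC 5737 documentation ranges, not the
# values missing from the page; "deny duplicates" is left out on purpose.
SAMPLE_CONF = """
ignore bootp;
ignore client-updates;
deny declines;
ping-check true;

# Public network
subnet 192.0.2.0 netmask 255.255.255.0 {
  allow unknown-clients;
}
# Private/Trusted LAN
subnet 198.51.100.0 netmask 255.255.255.0 {
  deny unknown-clients;
}
# Block with no explicit policy
subnet 203.0.113.0 netmask 255.255.255.0 {
  option routers 203.0.113.1;
}
"""

def audit(conf_text):
    """Return (missing global statements, {subnet: unknown-clients policy})."""
    text = re.sub(r"#[^\n]*", "", conf_text)          # drop comments
    subnets = {}
    for net, body in SUBNET_RE.findall(text):
        found = POLICY_RE.search(body)
        # dhcpd serves unknown clients unless told otherwise, so "unset"
        # behaves like "allow" and deserves a second look.
        subnets[net] = found.group(1) if found else "unset"
    global_scope = SUBNET_RE.sub("", text)            # what is left is global
    statements = {" ".join(s.split()) for s in global_scope.split(";")}
    missing = [d for d in REQUIRED_GLOBALS if d not in statements]
    return missing, subnets

if __name__ == "__main__":
    missing, subnets = audit(SAMPLE_CONF)
    print("missing global statements:", missing or "none")
    for net, policy in subnets.items():
        print(f"{net}: unknown-clients {policy}")
```
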


This file needs to be created by hand. Initially it is empty; clients should be added as needed.

host caerleon {
    hardware ethernet 00:25:22:0d:6d:66;