NetBSD-Users archive


Re: limit dhclient to one server only?



On Fri, Aug 16, 2013 at 11:03:32AM +0300, Jukka Marin wrote:
> On Fri, Aug 16, 2013 at 08:52:49AM +0100, Patrick Welche wrote:
> > On Fri, Aug 16, 2013 at 10:41:43AM +0300, Jukka Marin wrote:
> > > On Fri, Aug 16, 2013 at 08:38:38AM +0100, Patrick Welche wrote:
> > > > > > I haven't tried it, but in dhcpcd.conf(5), this looks promising:
> > > > > > 
> > > > > >      whitelist address[/cidr]
> > > > > >              Only accept packets from address[/cidr].  blacklist is ignored if
> > > > > >              whitelist is set.
> > > > > 
> > > > > Thanks, but in this case the clients don't know the server's address :(
> > > > 
> > > > So how is it a "known DHCP server"? IPSEC on bootps/bootpc ports?
> > > 
> > > It should supply a special option value or something like that to the clients,
> > > allowing the clients to recognize it as "our server".
> > 
> > Something like a "vendor encapsulated option"?
> 
> Probably, but can you make dhclient require a certain option _and_ a certain
> value for the option (not just that the option exists - the option numbers
> may be used by some other dhcp server which would break the system unless a
> special unique value was also required).

Selectively quoting from dhcpcd.conf, maybe this would be useful?

     require option
             Requires the option to be present in all DHCP messages, otherwise
             the message is ignored.  It can be a variable to be used in
             dhcpcd-run-hooks(8) or the numerical value.

P
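
The thread distinguishes an option merely being present from an option carrying an expected value. The following is an added example, not part of the original messages and not dhcpcd or dhclient code: it parses an RFC 2132 options field and compares the two checks. Option code 43, the marker value and the sample offers are assumptions constructed for illustration.

```python
# Added example: "option present" vs. "option present with expected value".
# Option code 43 and the marker value are assumptions, not taken from the thread.
VENDOR_OPT = 43                  # vendor-specific information (RFC 2132)
EXPECTED = b"site-marker-01"     # constructed, hypothetical site value

def parse_options(data: bytes) -> dict:
    """Parse a DHCP options field (bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option: stop parsing
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value   # RFC 3396: repeats concatenate
        i += 2 + length
    return opts

def has_option(data: bytes, code: int = VENDOR_OPT) -> bool:
    """Presence-only check: any server that sends this option code passes."""
    return code in parse_options(data)

def accept_offer(data: bytes, code: int = VENDOR_OPT, expected: bytes = EXPECTED) -> bool:
    """Presence-and-value check; malformed option fields are rejected."""
    try:
        opts = parse_options(data)
    except ValueError:
        return False
    return opts.get(code) == expected

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample offers (option 53 = message type, 54 = server identifier).
OURS = opt(53, b"\x02") + opt(54, bytes([192, 0, 2, 1])) + opt(43, EXPECTED) + b"\xff"
OTHER = opt(53, b"\x02") + opt(54, bytes([198, 51, 100, 7])) + opt(43, b"\x01\x02") + b"\xff"
PLAIN = opt(53, b"\x02") + opt(54, bytes([203, 0, 113, 9])) + b"\xff"

if __name__ == "__main__":
    for name, offer in (("ours", OURS), ("other", OTHER), ("plain", PLAIN)):
        print(name, "present:", has_option(offer), "accepted:", accept_offer(offer))
```

A marker value of this kind only filters out unrelated servers that happen to use the same option number; it travels in cleartext and can be copied, so it does not authenticate the server.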

