Prevent dhcp address lease on some clients

bobafetthotmail · February 17, 2021, 3:48pm

I have a few headless devices that have encrypted root partition and on boot they will stop and ask for password over ssh to actually access the partition. They get the IP from the DHCP server when booting like this, while otherwise they have a static IP configured.

They are connected to two networks (two different interfaces on two different subnets) and both have a working DHCP server on an OpenWrt router

The IP they will get on boot is randomly on one or the other interface and this is annoying because this way I need to be connected to both networks to "unlock" their root partition, and try two different IPs for each.

So my question is, can I set the dhcp server to IGNORE the dhcp requests from devices that have a specific mac address?

trendy · February 17, 2021, 3:53pm

I don't know if you can ignore on the server level, but the easy solution is to drop packets from the device mac and udp 68.

bobafetthotmail · February 17, 2021, 11:22pm

nope, not working.

this is the rule I added

config rule
	option name 'no-dhcp-hosts'
	option src 'lan'
	option dest_port '68'
	option target 'DROP'
	list src_mac 'mac-address-redacted'
	list src_mac 'mac-address-redacted'
	list src_mac 'mac-address-redacted'
	list src_mac 'mac-address-redacted'
	list proto 'udp'

vgaetera · February 18, 2021, 1:33am

Options:

Filter DHCP requests on port 67/UDP with firewall.
Ignore DHCP requests with a static lease declaration.
Disable dynamic DHCP and use only static leases.

trendy · February 18, 2021, 2:36pm

source not destination!

bobafetthotmail · February 20, 2021, 9:50pm

ok thanks, went with the static lease with "ignore" instead than an IP

system · March 2, 2021, 9:51pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.