[rhn-users] I need help with hosts.deny - doesn't work as I expected

Greg Forte gforte at leopard.us.udel.edu
Wed Mar 29 00:59:46 UTC 2006


x6d696168 . wrote:
> IPtables is the best way to go, since it's kernel based and can 
> handle anything you throw at it ...

ALMOST anything - dhcpd uses a raw socket, since the dhcp protocol 
operates somewhere "between" layers, so it is immune to iptables.  Which 
is probably not a big issue _unless_ you have a multi-homed box and only 
want dhcpd to respond to requests on one (or some proper subset) of the 
interfaces (this can and must be specified on the command line, instead; 
the interface name(s) can be listed in /etc/sysconfig/dhcpd).  I found 
this out the embarrassing way.  Just for reference, in case anyone cares.  ;-)

-g
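
A check for the point made in the message above, added here as an example and not part of the original post: it reads `DHCPDARGS` from a Red Hat style /etc/sysconfig/dhcpd and reports which of the box's interfaces dhcpd is pinned to. The function names, the sample file contents and the list of value-taking options are assumptions.

```shell
#!/bin/sh
# Added example: audit which interfaces dhcpd is pinned to via DHCPDARGS.
# Since iptables does not filter dhcpd's raw socket, this list is the control.

# Print the interface names found in DHCPDARGS in the given sysconfig file.
# Assumption: options that take a value are limited to the ones listed below.
dhcpd_ifaces() {
    # Take the last DHCPDARGS= assignment and drop any quote characters.
    args=$(sed -n 's/^[[:space:]]*DHCPDARGS=//p' "$1" | tail -n 1 | tr -d "\"'")
    skip=0
    out=""
    for tok in $args; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$tok" in
            -p|-cf|-lf|-pf|-tf) skip=1 ;;        # option followed by a value
            -*) ;;                                # bare flag such as -q or -d
            *) out="$out${out:+ }$tok" ;;         # anything else is an interface
        esac
    done
    printf '%s' "$out"
}

# Compare DHCPDARGS against the interfaces on the box (passed as arguments).
# Prints "<name> served" or "<name> not-listed" per interface. If DHCPDARGS
# names no interface, prints "unrestricted" and returns 1: dhcpd then chooses
# its own interfaces and a firewall rule will not narrow that choice.
audit_dhcpd() {
    file=$1; shift
    pinned=$(dhcpd_ifaces "$file")
    if [ -z "$pinned" ]; then
        echo "unrestricted"
        return 1
    fi
    for ifc in "$@"; do
        case " $pinned " in
            *" $ifc "*) echo "$ifc served" ;;
            *)          echo "$ifc not-listed" ;;
        esac
    done
}

# Constructed sample standing in for /etc/sysconfig/dhcpd on a two-NIC host.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'DHCPDARGS="-q eth1"' > "$sample"
audit_dhcpd "$sample" eth0 eth1
rm -f "$sample"
```

On a real host, pass /etc/sysconfig/dhcpd and the interface names actually present instead of the constructed sample.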