Initial commit: DHCP whitelist service for direct link connections
Features:
- Docker-based DHCP server with MAC address whitelisting
- Binds to specific ethernet interface only
- NO DNS/gateway advertised (direct link only, not a router)
- Configurable network parameters (subnet, DHCP range, lease times)
- Systemd service integration for Arch/Manjaro
- Test environment with isolated network (172.20.0.0/24)
- Auto-configuration script to detect network settings
- Complete Makefile with management targets

Security:
- Only responds to whitelisted MAC addresses
- deny unknown-clients configuration
- Runs in Docker container for isolation

Configuration:
- Copy .example files to create your config
- interface.conf: Network interface to bind to
- whitelist.conf: Allowed MAC addresses
- network.conf: Network parameters (optional)
@@ -0,0 +1,45 @@
|
||||
version: '3.8'
|
||||
|
||||
networks:
|
||||
test-net:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.20.0.0/24
|
||||
gateway: 172.20.0.1
|
||||
|
||||
services:
|
||||
test-dhcp-server:
|
||||
build: .
|
||||
image: dhcp-whitelist:test
|
||||
container_name: test-dhcp-server
|
||||
networks:
|
||||
test-net:
|
||||
ipv4_address: 172.20.0.2
|
||||
volumes:
|
||||
- ./test/test-config:/config:ro
|
||||
environment:
|
||||
- TZ=UTC
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
|
||||
test-client-allowed:
|
||||
build: ./test/test-client
|
||||
container_name: test-client-allowed
|
||||
networks:
|
||||
test-net:
|
||||
mac_address: "02:42:ac:11:00:02"
|
||||
depends_on:
|
||||
- test-dhcp-server
|
||||
command: ["/bin/sh", "-c", "sleep 5 && udhcpc -i eth0 -n -q && ip addr show eth0"]
|
||||
|
||||
test-client-denied:
|
||||
build: ./test/test-client
|
||||
container_name: test-client-denied
|
||||
networks:
|
||||
test-net:
|
||||
mac_address: "02:42:ac:11:00:99"
|
||||
depends_on:
|
||||
- test-dhcp-server
|
||||
command: ["/bin/sh", "-c", "sleep 5 && timeout 10 udhcpc -i eth0 -n -q || echo 'DHCP request denied as expected'"]
|
||||
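Review bot: The test-client-denied command `timeout 10 udhcpc -i eth0 -n -q || echo 'DHCP request denied as expected'` exits 0 whether or not a lease is granted, so a whitelist regression would pass this test silently. If udhcpc obtains a lease, the left side succeeds and the container exits 0 with no message; if it fails for any reason (denied, timeout, interface missing), the echo runs and the container still exits 0. Invert the check so that a granted lease is a failure, for example `if timeout 10 udhcpc -i eth0 -n -q; then echo 'FAIL: lease granted to non-whitelisted MAC'; exit 1; fi`. Two smaller points in the same file: both clients are attached to test-net, which has an ipam subnet, so Docker already assigns eth0 an address and the `ip addr show eth0` output in test-client-allowed does not by itself show the lease came from test-dhcp-server (udhcpc's exit status is the better signal). Also, `sleep 5` after depends_on only waits for the server container to start, not for the DHCP daemon to be listening; a healthcheck on test-dhcp-server would make the ordering deterministic.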