@ericpulvino
Last active June 3, 2019 14:28
Quick Script to Emulate Basic DHCP Trusted Ports / DHCP Snooping / DHCP Filtration
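#!/bin/bash
# Emulate DHCP snooping on Cumulus Linux: only TRUSTED_PORTS may forward
# DHCP server replies (UDP source port 67); every other swp port drops them.

# Root check: writing under /etc/cumulus/acl and running cl-acltool need root.
if [ "$(id -u)" -ne 0 ]; then
    echo "ERROR: Must be root to run $0" >&2
    exit 1
fi

# Ports that face legitimate DHCP servers or relays.
TRUSTED_PORTS=( swp1 swp3 )
SNOOPFILE=/etc/cumulus/acl/policy.d/90dhcp_snooping.rules

echo "###########################"
echo " Writing new DHCP Rules to: $SNOOPFILE"
echo "###########################"
# Overwrite any previous policy file, starting with the [iptables] section header.
echo "[iptables]" > "$SNOOPFILE"
# Rule order matters: the per-port ACCEPT rules must precede the catch-all DROP.
for port in "${TRUSTED_PORTS[@]}"; do
    echo "-A FORWARD -i $port -p udp -m udp --sport 67 -j ACCEPT" >> "$SNOOPFILE"
done
# Drop DHCP server traffic arriving on any other swp port ("swp+" matches every interface name starting with swp).
echo "-A FORWARD -i swp+ -p udp -m udp --sport 67 -j DROP" >> "$SNOOPFILE"
echo " done."

echo "###########################"
echo " Applying New DHCP Rules..."
echo "###########################"
# Install the ACL policy files; report failure instead of always exiting 0.
cl-acltool -i || exit 1
exit 0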