I run an RB as a bridge between us and the customer's firewall. At the moment the customer uses DHCP to get an IP. The problem is that the customer could set the IP manually in the firewall to always have the same IP address. Since this could lead to IP address conflicts and other problems, I want to avoid that.
My idea is to block everything in the “forward” chain except for DHCP requests from the client and DHCP replies from the server. Then I write a script which adds a rule to the firewall which permits packets from the MAC address which got a lease.
Since this seems to be a bit tricky, I wanted to ask if someone did this before and is able to give me a bit of a jump start.