sysctl -w net.bridge.bridge-nf-call-iptables=1iptables -t mangle -I PREROUTING

1. sysctl -w net.bridge.bridge-nf-call-iptables=1
2. iptables -t mangle -I PREROUTING -m physdev --physdev-in vpn1
3. -p udp --dport 67:68 -j DROP
4.  
5. ## dont accept dhcp packets directed to the local machine
6. ebtables -A INPUT --in-interface vpn1 --protocol ipv4
7. --ip-protocol udp --ip-destination-port 67:68 -j DROP
8.  
9. ## dont forward dhcp packets coming in from vpn
10. ebtables -A FORWARD --in-interface vpn1 --protocol ipv4
11. --ip-protocol udp --ip-destination-port 67:68 -j DROP
12.  
13. ## dont send dhcp requests over vpn
14. ebtables -A FORWARD --out-interface vpn1 --protocol ipv4
15. --ip-protocol udp --ip-destination-port 67:68 -j DROP