dhcp-host=00:11:22:33:44:55,192.168.1.100dhcp-host=00:11:22:33:44:56,192.168.1.

1. dhcp-host=00:11:22:33:44:55,192.168.1.100
2. dhcp-host=00:11:22:33:44:56,192.168.1.101
3. dhcp-host=00:11:22:33:44:57,192.168.1.102
4.  
5. # Specify a subnet which can't be used for dynamic address allocation,
6. # is available for hosts with matching --dhcp-host lines. Note that
7. # dhcp-host declarations will be ignored unless there is a dhcp-range
8. # of some type for the subnet in question.
9. # In this case the netmask is implied (it comes from the network
10. # configuration on the machine running dnsmasq) it is possible to give
11. # an explicit netmask instead.
12. #dhcp-range=192.168.0.0,static
13.  
14. # Incoming DHCP, pass to chain processing DHCP
15. iptables -t raw -A PREROUTING -p udp --dport 67 -j DHCP_clients
16.  
17. # Allowed DHCP clients
18. iptables -t raw -A DHCP_clients -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
19. iptables -t raw -A DHCP_clients -m mac --mac-source 00:11:22:33:44:56 -j ACCEPT
20. iptables -t raw -A DHCP_clients -m mac --mac-source 00:11:22:33:44:57 -j ACCEPT
21. # Deny other clients not listed above
22. iptables -t raw -A DHCP_clients -j DROP
23.  
24. # Ignore any clients which are not specified in dhcp-host lines
25. # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
26. # This relies on the special "known" tag which is set when
27. # a host is matched.
28. #dhcp-ignore=tag:!known