Get started
Transparent DHCP inspection & enforcement

Keep your DHCP server calm under load.

DHCP Shield Pro sits transparently in front of your DHCP server and shapes the traffic reaching it — flattening outage-recovery storms, quieting chatty clients, and shutting down firmware that hammers the server non-stop. It acts on individual devices automatically, with simple rules you can read and predict, and keeps the full lease record so your server doesn't have to.

Get started Read the docs
Self-hosted Air-gap capable DHCPv4 + v6 Open REST + MCP API
Dashboards › Firewall LIVE
DHCP Shield Pro Firewall dashboard: a live traffic-flow diagram splitting total inbound DHCP into accepted versus blocked, broken down by message type, above stacked DHCPv4 and DHCPv6 throughput charts.
The Firewall view — DHCP traffic shaped in real time: clean requests passed to your server, the noise filtered out.

Capabilities

What it does

01

Deep packet inspection

See the real client behind every relay — even on networks with no Layer-2 broadcast at all. DHCP Shield Pro reads the payload of every DHCPv4 (RFC 2131) and DHCPv6 (RFC 8415) exchange — message type, vendor class, client identifier, Option 82 relay info — and records each transaction, queryable later.

Learn more
02

Kernel-level enforcement

Ships with ready-made rule sets that throttle or block a misbehaving host automatically, per individual device — and every rule is yours to adjust. When that's not enough, a second line of rules acts on long-term behaviour, throttling or blocking based on the DHCP parameters a host keeps sending.

Learn more
03

Inventory, history & alarms

Every device is tracked over time — a living inventory of what's on your network and how each client has behaved. Run reports over that history, and raise alarms on individual devices, forwarded downstream to the systems you already run.

Learn more
04

Real-time monitoring & troubleshooting

Watch every DHCP transaction live across purpose-built dashboards — then drill into a single device when something's off, with on-demand packet capture, per-host capture, and availability checks, all in one place.

Learn more

Differentiators

Why it's different

01

Built the Unix way

It doesn't replace your DHCP server — it sits in front of whatever you already run and takes the unnecessary load off it, enforcing inline in the kernel. One job, done well.

Learn more
02

Open, and made to extend

Every function is exposed through 200+ REST endpoints and 45 MCP tools, so it fits the stack and the tooling you already use.

Learn more
03

Optional help, on your terms

A built-in support module takes the pain out of raising a ticket — and, entirely optional, it can bring a remote AI agent to your live traffic in read-only or read-write mode. You decide what it sees and what it can do.

Learn more

Who it's for

Built for

Telco carriers Large enterprise ISP / hosting Education

See it on your own network.

Open documentation, a real product, and a team that knows DHCP.

Talk to sales Read the docs

For security and procurement teams: visit the Trust Center →