From owner-freebsd-net@FreeBSD.ORG  Wed Oct 28 16:27:38 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B6EF8106566C
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 16:27:38 +0000 (UTC)
	(envelope-from jon@witchspace.com)
Received: from queueout04-winn.ispmail.ntl.com
	(queueout04-winn.ispmail.ntl.com [81.103.221.58])
	by mx1.freebsd.org (Postfix) with ESMTP id 0EC208FC1B
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 16:27:37 +0000 (UTC)
Received: from aamtaout03-winn.ispmail.ntl.com ([81.103.221.35])
	by mtaout03-winn.ispmail.ntl.com
	(InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id
	<20091028160542.MXJZ17277.mtaout03-winn.ispmail.ntl.com@aamtaout03-winn.ispmail.ntl.com>
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 16:05:42 +0000
Received: from witchspace.com ([82.15.251.148])
	by aamtaout03-winn.ispmail.ntl.com
	(InterMail vG.2.02.00.01 201-2161-120-102-20060912) with SMTP id
	<20091028160542.JQFI2093.aamtaout03-winn.ispmail.ntl.com@witchspace.com>
	for <freebsd-net@freebsd.org>; Wed, 28 Oct 2009 16:05:42 +0000
Received: (qmail 9270 invoked from network); 28 Oct 2009 15:06:28 -0000
Received: from unknown (HELO core.home) (192.168.0.3)
	by 192.168.0.100 with SMTP; 28 Oct 2009 15:06:28 -0000
From: Jonathan Belson <jon@witchspace.com>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Date: Wed, 28 Oct 2009 16:05:40 +0000
Message-Id: <75F8B8C2-2BFE-434A-9E16-C34CAAF6C6E9@witchspace.com>
To: freebsd-net@freebsd.org
Mime-Version: 1.0 (Apple Message framework v1076)
X-Mailer: Apple Mail (2.1076)
X-Cloudmark-Analysis: v=1.0 c=1 a=INSGmp8vWH3cW5sZ1C4A:9
	a=2eBDFmqfeI5k-685MksIHgqgsbkA:4
Subject: PF and DHCP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2009 16:27:38 -0000

Hiya

I have a server which acts as a gateway between the internet and my  
internal network.  The external interface receives its IP address via  
DHCP.  I set up pf.conf to allow DHCP packets via ports 67/68, but I  
notice that when the server boots, the DHCP exchange happens /before/  
PF gets started.

Does this mean that adding rules for DHCP isn't necessary (my firewall  
rules are block in/pass out, with a bit of NAT thrown in)?

Does this mean that when my machine boots, there's a window between  
the interfaces coming up and the firewall being enabled?

Thanks,

--Jon