Date: Thu, 1 May 2003 23:59:11 -0400
From: "Ben Pfountz" <netprince@vt.edu>
To: <freebsd-ipfw@freebsd.org>
Subject: ipfw2 on 4.8-stable accepts broadcast dhcp requests?
Message-ID: <001a01c3105f$3073d160$6511a8c0@benspiece>

I am running 4.8-stable updated a few days ago. I am using a firewall that filters clients based on their MAC address, and I noticed a new client could acquire a DHCP lease from the server.

After staring at my ruleset for a few hours, I decided to try removing all rules, except for the default to deny rule. I tried to renew a DHCP lease from the client and immediately dhcpd complained about not having permission to send a response back to the client.

I assume the dhcp request that was sent to the server (a broadcast packet) passed through the firewall, and the response from dhcpd (a directed packet) was blocked by the firewall as it tried to leave the system.

I am using IPFW2, with:

net.link.ether.ipfw: 1
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1

Is this the correct behavior for IPFW2?

-----
Ben Pfountz
Computer Science Undergraduate, Virginia Tech
Computer Systems Engineer, Center for Power Electronic Systems