From: Iñigo Ortiz de Urbina
To: Greg Hennessy, "freebsd-pf@freebsd.org"
Date: Fri, 28 Jan 2011 12:34:12 +0100
Subject: Re: why "block quick on wlan0" doesn't stop DHCP?

And it makes perfect sense only if you can trust your dhcp server
(runs chrooted and privilege separated :)

On 1/28/11, Greg Hennessy wrote:
> Could be talking complete nonsense here, but....
>
> IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'll
> be serviced before any filtering policy applies.
>
>
> Greg
>
>
>> -----Original Message-----
>> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org]
>> On Behalf Of Michael
>> Sent: 28 January 2011 9:20 AM
>> To: freebsd-pf@freebsd.org
>> Subject: why "block quick on wlan0" doesn't stop DHCP?
>>
>> Hello,
>>
>> Here is my simple rule set:
>>
>> set loginterface wlan0
>> block log
>> block quick on wlan0
>>
>> Now I'm booting my 8.1-R box. After it's up and running with pf I'm
>> powering on my wireless access point.
>>
>> After a couple of seconds my wlan0 is associated and receives its IP
>> address. I don't understand why was it not stopped by pf?
>> And how can I tune my rules to be able to control DHCP conversation?
>>
>> Michael

-- 
Iñigo Ortiz de Urbina Cazenave
http://www.twitter.com/ioc32