From: Boris Kochergin
Date: Wed, 28 Oct 2009 12:33:19 -0400
To: Jonathan Belson
Cc: freebsd-net@freebsd.org
Subject: Re: PF and DHCP

Jonathan Belson wrote:
> Hiya
>
> I have a server which acts as a gateway between the internet and my
> internal network. The external interface receives its IP address via
> DHCP. I set up pf.conf to allow DHCP packets via ports 67/68, but I
> notice that when the server boots, the DHCP exchange happens /before/
> PF gets started.
>
> Does this mean that adding rules for DHCP isn't necessary (my firewall
> rules are block in/pass out, with a bit of NAT thrown in)?

To address just this question, it is a good idea to leave the rules that
allow DHCP in there, as the DHCP client will need to renew its lease
later, while the firewall is running.

-Boris

> Does this mean that when my machine boots, there's a window between
> the interfaces coming up and the firewall being enabled?
>
> Thanks,
>
> --Jon