From owner-freebsd-pf@FreeBSD.ORG Tue Feb 13 06:45:11 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AAFA116A420 for ; Tue, 13 Feb 2007 06:45:11 +0000 (UTC) (envelope-from j_baggs@comcast.net) Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [63.240.77.83]) by mx1.freebsd.org (Postfix) with ESMTP id 76F8013C4B4 for ; Tue, 13 Feb 2007 06:45:11 +0000 (UTC) (envelope-from j_baggs@comcast.net) Received: from [10.0.10.5] (c-67-177-200-161.hsd1.co.comcast.net[67.177.200.161]) by comcast.net (sccrmhc13) with ESMTP id <2007021306305801300o6mbie>; Tue, 13 Feb 2007 06:30:58 +0000 Message-ID: <45D15B22.5090408@comcast.net> Date: Mon, 12 Feb 2007 23:30:58 -0700 From: Jeremy Baggs User-Agent: Thunderbird 1.5.0.9 (X11/20070206) MIME-Version: 1.0 To: freebsd-pf@freebsd.org X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: DHCP no-route X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 06:45:11 -0000 Hello all, I have a FreeBSD /pf firewall setup between my network and the outside world. The firewall box gets an IP address from my ISP through DHCP. When a lease expires, my firewall successfully obtains a new address from one server at my ISP. There is however a second server that comes into play when I issue a request using dhclient. This second server gets blocked by the rule: block drop log quick from no-route to any I can ping both servers. I could add a pass rule for the second server but am wondering under what conditions a server would behave like this in the first place. Any thoughts? Jeremy