Date: Wed, 28 Oct 2009 12:33:19 -0400
From: Boris Kochergin <spawk@acm.poly.edu>
To: Jonathan Belson <jon@witchspace.com>
Cc: freebsd-net@freebsd.org
Subject: Re: PF and DHCP
Message-ID: <4AE8724F.50702@acm.poly.edu>
In-Reply-To: <75F8B8C2-2BFE-434A-9E16-C34CAAF6C6E9@witchspace.com>
References: <75F8B8C2-2BFE-434A-9E16-C34CAAF6C6E9@witchspace.com>
Jonathan Belson wrote:
> Hiya
>
> I have a server which acts as a gateway between the internet and my
> internal network. The external interface receives its IP address via
> DHCP. I set up pf.conf to allow DHCP packets via ports 67/68, but I
> notice that when the server boots, the DHCP exchange happens /before/
> PF gets started.
>
> Does this mean that adding rules for DHCP isn't necessary (my firewall
> rules are block in/pass out, with a bit of NAT thrown in)?

To address just this question, it is a good idea to leave the rules that allow DHCP in there, as the DHCP client will need to renew its lease later, while the firewall is running.

-Boris

> Does this mean that when my machine boots, there's a window between
> the interfaces coming up and the firewall being enabled?
>
> Thanks,
>
> --Jon
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
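A pf.conf sketch of the setup discussed in this thread (block in/pass out, NAT, and DHCP client rules on ports 67/68 kept in place for lease renewals). This is an added example, not a ruleset posted by either participant; the interface names, the internal network and the rule allowing internal hosts in are assumptions.

```conf
# Added example, not from the thread. Constructed values: em0, em1, 192.168.1.0/24.
ext_if  = "em0"              # external interface, address assigned by DHCP (assumed name)
int_if  = "em1"              # internal interface (assumed name)
int_net = "192.168.1.0/24"   # internal network (assumed)

set skip on lo0

# NAT for the internal network. ($ext_if) in parentheses makes pf follow
# the interface's current address, which matters when the lease changes it.
nat on $ext_if from $int_net to any -> ($ext_if)

# Default policy from the original question: block in, pass out.
block in all
pass out all keep state

# Assumption: internal hosts are allowed in on the internal interface so the
# gateway can forward their traffic.
pass in on $int_if from $int_net to any keep state

# DHCP client on the external interface: requests leave from port 68 to
# port 67, replies arrive from port 67 to port 68. Kept so that lease
# renewals work while the firewall is running.
pass out on $ext_if proto udp from any port 68 to any port 67 keep state
pass in  on $ext_if proto udp from any port 67 to any port 68 keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.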