Date: Fri, 28 Jan 2011 12:34:12 +0100 From: =?UTF-8?Q?I=C3=B1igo_Ortiz_de_Urbina?= <inigoortizdeurbina@gmail.com> To: Greg Hennessy <Greg.Hennessy@nviz.net>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: why "block quick on wlan0" doesn't stop DHCP? Message-ID: <AANLkTi=-_qhCaym--m95hW%2BybYyaa=dP1jB%2B3Z9S7TTy@mail.gmail.com> In-Reply-To: <9E8D76EC267C9444AC737F649CBBAD9027BC4023C4@PEMEXMBXVS02.jellyfishnet.co.uk.local> References: <4D428A38.8000609@gmail.com> <9E8D76EC267C9444AC737F649CBBAD9027BC4023C4@PEMEXMBXVS02.jellyfishnet.co.uk.local>
next in thread | previous in thread | raw e-mail | index | archive | help
And it makes perfect sense only if you can trust your dhcp server (runs chrooted and privilege separated :) On 1/28/11, Greg Hennessy <Greg.Hennessy@nviz.net> wrote: > Could be talking complete nonsense here, but.... > > IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'l= l > be serviced before any filtering policy applies. > > > Greg > > >> -----Original Message----- >> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd- >> pf@freebsd.org] On Behalf Of Michael >> Sent: 28 January 2011 9:20 AM >> To: freebsd-pf@freebsd.org >> Subject: why "block quick on wlan0" doesn't stop DHCP? >> >> Hello, >> >> Here is my simple rule set: >> >> set loginterface wlan0 >> block log >> block quick on wlan0 >> >> Now I'm booting my 8.1-R box. After it's up and running with pf I'm >> powering on my wireless access point. >> >> After couple seconds my wlan0 is associated and receives it's IP >> address. I don't understand why was it not stopped by pf? >> And how can I tune my rules to be able to control DHCP conversation? >> >> Michael >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --=20 I=C3=B1igo Ortiz de Urbina Cazenave http://www.twitter.com/ioc32
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=-_qhCaym--m95hW%2BybYyaa=dP1jB%2B3Z9S7TTy>