Date: Fri, 22 Apr 2005 17:20:16 +0200
From: Thomas Vogt <freebsdlists@bsdunix.ch>
To: ipfw@freebsd.org
Subject: blocking dhcp requests
Message-ID: <1114183217.35367.2.camel@bert.mlan.solnet.ch>

Hey there,

I have a problem concerning ipfw and DHCP. I am trying to block DHCP requests which are sent to my host, but the DHCP server replies even though my firewall rule matches.

The firewall rule in my script:

    $cmd 02 deny log ip from any to any bootps keep-state in

which will be translated into:

    deny log logamount 100 ip from any to any dst-port 67 keep-state

The log entry in /etc/security:

    Apr 22 14:41:54 lizard kernel: ipfw: 2 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp1

    lizard# tcpdump -n -i fxp1 broadcast or host 192.168.1.2 and not arp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on fxp1, link-type EN10MB (Ethernet), capture size 96 bytes
    14:41:54.026011 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:11:94:72:76, length: 548
    14:41:54.026534 IP 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length: 351

The DHCP server sends the client an answer, even though ipfw seems to reject the packet. Is there any way to block the DHCP request from reaching the DHCP server?

tcpdump version 3.8.3
isc-dhcp3-server-3.0.2_7
FreeBSD lizard 5.4-RC2 FreeBSD 5.4-RC2

best regards
Thomas Vogt
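
Added example, not part of the original message: a small Python check that correlates ipfw deny log entries with tcpdump output to confirm the symptom described above, a DHCP reply observed right after a logged deny of the request. The function name `answered_denies` and the 2-second window are assumptions; the sample input is the log entry and capture lines quoted in the message.

```python
import re

# Sample input: the ipfw log entry and tcpdump lines quoted in the message.
IPFW_LOG = """\
Apr 22 14:41:54 lizard kernel: ipfw: 2 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp1
"""
TCPDUMP = """\
14:41:54.026011 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:11:94:72:76, length: 548
14:41:54.026534 IP 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length: 351
"""

# ipfw log: an inbound UDP packet from client port 68 to server port 67 was denied.
DENY_RE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d) \S+ kernel: ipfw: (?P<rule>\d+) Deny UDP "
    r"\S+:68 \S+:67 in via (?P<ifname>\S+)")
# tcpdump -n: a BOOTP/DHCP reply sent from server port 67 to client port 68.
REPLY_RE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d)\.(?P<us>\d{6}) IP (?P<server>\d+(?:\.\d+){3})\.67 > "
    r"\S+\.68: BOOTP/DHCP, Reply")


def tod(ts, us="0"):
    """Time of day in seconds (wrap-around at midnight is not handled)."""
    h, m, s = map(int, ts.split(":"))
    return h * 3600 + m * 60 + s + int(us) / 1e6


def answered_denies(ipfw_log, tcpdump_out, window=2.0):
    """Return (rule, ifname, server, delay) for each DHCP reply captured
    within `window` seconds after a logged deny of a DHCP request."""
    denies = [(tod(m["ts"]), m["rule"], m["ifname"])
              for m in DENY_RE.finditer(ipfw_log)]
    hits = []
    for m in REPLY_RE.finditer(tcpdump_out):
        t = tod(m["ts"], m["us"])
        for d, rule, ifname in denies:
            # syslog stamps are truncated to whole seconds: allow 1 s extra.
            if d <= t < d + window + 1:
                hits.append((int(rule), ifname, m["server"], round(t - d, 6)))
    return hits


if __name__ == "__main__":
    for rule, ifname, server, delay in answered_denies(IPFW_LOG, TCPDUMP):
        print(f"rule {rule} denied a request on {ifname}, "
              f"yet {server} replied {delay:.6f}s later")
```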