Date:      Thu, 1 May 2003 23:59:11 -0400
From:      "Ben Pfountz" <netprince@vt.edu>
To:        <freebsd-ipfw@freebsd.org>
Subject:   ipfw2 on 4.8-stable accepts broadcast dhcp requests?
Message-ID:  <001a01c3105f$3073d160$6511a8c0@benspiece>

I am running 4.8-stable updated a few days ago.  I am using a firewall that
filters clients based on their MAC address, and I noticed a new client could
acquire a DHCP lease from the server.  After staring at my ruleset for a few
hours, I decided to try removing all rules except for the default-to-deny
rule.  I tried to renew a DHCP lease from the client and immediately dhcpd
complained about not having permission to send a response back to the
client.

I assume the DHCP request that was sent to the server (a broadcast packet)
passed through the firewall, and the response from dhcpd (a directed packet)
was blocked by the firewall as it tried to leave the system.

I am using IPFW2, with:
net.link.ether.ipfw: 1
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1

Is this the correct behavior for IPFW2?

-----
 Ben Pfountz
 Computer Science Undergraduate, Virginia Tech
 Computer Systems Engineer, Center for Power Electronic Systems



