Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 1 May 2003 23:28:50 -0700
From:      Luigi Rizzo <>
To:        Ben Pfountz <>
Subject:   Re: ipfw2 on 4.8-stable accepts broadcast dhcp requests?
Message-ID:  <>
In-Reply-To: <001a01c3105f$3073d160$6511a8c0@benspiece>; from on Thu, May 01, 2003 at 11:59:11PM -0400
References:  <001a01c3105f$3073d160$6511a8c0@benspiece>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
could it be that dhcp uses bpf to send the packet ? In that
case, it will bypass the firewall, even if you have ether.ipfw set


On Thu, May 01, 2003 at 11:59:11PM -0400, Ben Pfountz wrote:
> I am running 4.8-stable updated a few days ago.  I am using a firewall that
> filters clients based on their MAC address, and I noticed a new client could
> acquire a DHCP lease from the server.  After staring at my ruleset for a few
> hours, I decided to try removing all rules, except for the default to deny
> rule.  I tried to renew a DHCP lease from the client and immediately dhcpd
> complained about not having permission to send a response back to the
> client.
> I assume the dhcp request that was sent to the server (a broadcast packet)
> passed through the firewall, and the response from dhcpd (a directed packet)
> was blocked by the firewall as it tried to leave the system.
> I am using IPFW2, with:
> 1
> net.inet.ip.fw.enable: 1
> net.inet.ip.fw.one_pass: 0
> net.inet.ip.fw.debug: 1
> net.inet.ip.fw.verbose: 1
> Is this the correct behavior for IPFW2?
> -----
>  Ben Pfountz
>  Computer Science Undergraduate, Virginia Tech
>  Computer Systems Engineer, Center for Power Electronic Systems
> _______________________________________________
> mailing list
> To unsubscribe, send any mail to ""

Want to link to this message? Use this URL: <>