Date: Wed, 28 Feb 2007 18:08:42 +0000
From: RW <fbsd06@mlists.homeunix.com>
To: freebsd-questions@freebsd.org
Subject: Re: pf.conf and cable modem
Message-ID: <20070228180842.2e3787db@gumby.homeunix.com>
In-Reply-To: <20070228180215.03fcd926@gumby.homeunix.com>
References: <200702272248.l1RMmD81013215@cheyenne.sixcompanies.com>
 <8cb6106e0702271455w5be91292vfce007b8ed439e1d@mail.gmail.com>
 <20070228173517.5a044300@gumby.homeunix.com>
 <20070228124421.j73ex8x4ow0g0o8k@mail.schnarff.com>
 <20070228180215.03fcd926@gumby.homeunix.com>

On Wed, 28 Feb 2007 18:02:15 +0000
RW <fbsd06@mlists.homeunix.com> wrote:

> On Wed, 28 Feb 2007 12:44:21 -0500
> alex@schnarff.com wrote:
>
> > Quoting RW <fbsd06@mlists.homeunix.com>:
> >
> > > When I used DHCP with PF, I found that it just worked without any
> > > rules at all.
> >
> > That's been my experience as well (admittedly on OpenBSD, but it's
> > basically the same PF). Remember, your NIC's initialization
> > sequence, which is where the DHCP request will come, happens before
> > PF is enabled, so you're essentially at a "pass all" sort of a
> > state when the request happens.
> >
> > The one thing to keep in mind is that if you're doing, say, NAT for
> > some clients behind the box, you can use a rule like this to deal
> > with any changes in your dynamic IP
>
> Not in my experience.
>
> I was using a half-bridge modem that had a 30 second lease time, which
> was definitely renewing. It would also give me a private address when
> PPPoA went down, and I saw that happen too.
>
> I added-in some early static rules to log all the DHCP packets. IIRC I
> never saw any of the lease renewal packets, just some broadcast
> packets. I asked in this list about it but never got a reply.
>
> I suspect that either DHCP sees the packets directly in some way, or
> PF has some special handling for DHCP. In either case it would make
> sense for PF rules to see the broadcasts, since they might need to be
> bridged.

Sorry, I misread what you were saying about the rule, but the point
still remains that it's not simply the case that PF is in pass-all mode
when DHCP starts.