From: Dean Strik
Date: Fri, 22 Apr 2005 18:28:19 +0200
To: Thomas Vogt
Cc: ipfw@freebsd.org
Subject: Re: blocking dhcp requests
Message-ID: <20050422162819.GA7252@dragon.stack.nl>
In-Reply-To: <1114183217.35367.2.camel@bert.mlan.solnet.ch>
List-Id: IPFW Technical Discussions

Thomas Vogt wrote:
> I have a problem concerning ipfw and dhcp.
> I am trying to block dhcp requests which are sent to my host.
> but the dhcp server replies even though my firewall rule matches.
>
> the dhcp server sends the client an answer, even though ipfw seems to
> reject the packet.
> Is there any way to block the dhcp request from reaching the dhcp
> server?

I guess not, since dhcpd uses BPF directly (like tcpdump). Any access
control will have to be done inside dhcpd.conf.

-- 
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli
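
The reply above points to dhcpd.conf as the place for access control. The fragment below is an added example, not part of the original message, showing what that can look like in ISC dhcpd syntax. It assumes ISC dhcpd; the host names, MAC addresses, class name, vendor string and subnet are all constructed.

```conf
# Constructed example for ISC dhcpd; every address, MAC and name is made up.
authoritative;

# Refuse one specific client by hardware address. "deny booting" is only
# meaningful inside a host declaration and tells dhcpd not to respond
# to queries from this client.
host blocked-client {
    hardware ethernet 00:11:22:33:44:55;
    deny booting;
}

# A declared ("known") client that is allowed to obtain a lease.
host workstation1 {
    hardware ethernet 00:aa:bb:cc:dd:01;
}

# Class-based variant: group clients by the first four bytes of the
# vendor class identifier they send (the string "ACME" is an assumption).
class "unwanted-vendor" {
    match if substring(option vendor-class-identifier, 0, 4) = "ACME";
}

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;

    pool {
        range 192.0.2.100 192.0.2.200;
        # Only clients with a host declaration get addresses from this pool.
        deny unknown-clients;
        # Clients matching the class above get nothing from this pool.
        deny members of "unwanted-vendor";
    }
}
```

Running `dhcpd -t -cf <path to this file>` checks the syntax without starting the server.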