ipfw2 on 4.8-stable accepts broadcast dhcp requests?

Ben Pfountz netprince at vt.edu
Thu May 1 20:59:15 PDT 2003


I am running 4.8-stable updated a few days ago.  I am using a firewall that
filters clients based on their MAC address, and I noticed a new client could
acquire a DHCP lease from the server.  After staring at my ruleset for a few
hours, I decided to try removing all rules, except for the default deny
rule.  I tried to renew a DHCP lease from the client and immediately dhcpd
complained about not having permission to send a response back to the
client.

I assume the dhcp request that was sent to the server (a broadcast packet)
passed through the firewall, and the response from dhcpd (a directed packet)
was blocked by the firewall as it tried to leave the system.

I am using IPFW2, with:
net.link.ether.ipfw: 1
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1

Is this the correct behavior for IPFW2?

-----
 Ben Pfountz
 Computer Science Undergraduate, Virginia Tech
 Computer Systems Engineer, Center for Power Electronic Systems
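The situation described in the message above, written up as an added example (not the poster's ruleset or anything from the thread): a default-deny ipfw2 ruleset that explicitly admits the DHCP exchange in both directions and logs whatever the final deny drops, so the ipfw log shows which packet and which direction is actually being blocked. The interface name, rule numbers and the dry-run wrapper are assumptions; the ipfw syntax is the ipfw2 form used on 4.x.

```shell
#!/bin/sh
# Added example (not from the original post): an ipfw2 ruleset for a
# default-deny host that explicitly allows DHCP and logs the final deny.
# The interface name and rule numbers are assumptions; adjust them.
IFACE="${IFACE:-fxp0}"   # assumed interface name

# Emit the rule commands without running them, so they can be reviewed
# (and so the script is harmless on a host without ipfw).
dhcp_rules() {
    cat <<EOF
ipfw add 100 allow udp from any 68 to 255.255.255.255 67 in via $IFACE
ipfw add 110 allow udp from any 68 to me 67 in via $IFACE
ipfw add 120 allow udp from me 67 to any 68 out via $IFACE
ipfw add 65000 deny log all from any to any
EOF
}

# Rule 100 admits the broadcast DHCPDISCOVER/DHCPREQUEST from a client
# with no address yet; rule 110 admits the unicast DHCPREQUEST a client
# sends when renewing; rule 120 lets dhcpd's replies leave through the
# IP stack (the path the "permission denied" error in the post points at).
# The logging deny at 65000 records what is still dropped, which is the
# check to run when the observed behaviour does not match the ruleset.

# Apply only when explicitly requested; the default is a dry run.
apply_rules() {
    if [ "${IPFW_APPLY:-0}" = "1" ]; then
        dhcp_rules | sh
    else
        dhcp_rules
    fi
}

apply_rules
```

Run it on the firewall with `IPFW_APPLY=1` (with `net.inet.ip.fw.verbose` already set to 1, as in the post), renew a lease from the client, then compare `ipfw -a list` counters on rules 100 to 120 with the `Deny` lines syslog writes to /var/log/security: a broadcast request that reaches dhcpd without incrementing rule 100, or a reply that shows up only as a logged deny, tells you which leg of the exchange is bypassing or hitting the ruleset.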
