ipfw2 on 4.8-stable accepts broadcast dhcp requests?

[Ben Pfountz]

Yes, I think thats it, thank you for the clarification.

Ben

----- Original Message ----- 
From: "Luigi Rizzo" <rizzo at icir.org>
To: "Ben Pfountz" <netprince at vt.edu>
Cc: <freebsd-ipfw at freebsd.org>
Sent: Friday, May 02, 2003 2:28 AM
Subject: Re: ipfw2 on 4.8-stable accepts broadcast dhcp requests?


> could it be that dhcp uses bpf to send the packet ? In that
> case, it will bypass the firewall, even if you have ether.ipfw set
>
> cheers
> luigi
>
> On Thu, May 01, 2003 at 11:59:11PM -0400, Ben Pfountz wrote:
> > I am running 4.8-stable updated a few days ago.  I am using a firewall
that
> > filters clients based on their MAC address, and I noticed a new client
could
> > acquire a DHCP lease from the server.  After staring at my ruleset for a
few
> > hours, I decided to try removing all rules, except for the default to
deny
> > rule.  I tried to renew a DHCP lease from the client and immediately
dhcpd
> > complained about not having permission to send a response back to the
> > client.
> >
> > I assume the dhcp request that was sent to the server (a broadcast
packet)
> > passed through the firewall, and the response from dhcpd (a directed
packet)
> > was blocked by the firewall as it tried to leave the system.
> >
> > I am using IPFW2, with:
> > net.link.ether.ipfw: 1
> > net.inet.ip.fw.enable: 1
> > net.inet.ip.fw.one_pass: 0
> > net.inet.ip.fw.debug: 1
> > net.inet.ip.fw.verbose: 1
> >
> > Is this the correct behavior for IPFW2?
> >
> > -----
> >  Ben Pfountz
> >  Computer Science Undergraduate, Virginia Tech
> >  Computer Systems Engineer, Center for Power Electronic Systems
> >
> >
> > _______________________________________________
> > freebsd-ipfw at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
>