blocking dhcp requests
freebsdlists at bsdunix.ch
Fri Apr 22 08:21:26 PDT 2005
I have a problem concerning ipfw and dhcp.
I am trying to block dhcp requests which are sent to my host,
but the dhcp server replies even though my firewall rule matches.
The firewall rule in my script:
$cmd 02 deny log ip from any to any bootps keep-state in
which will be translated into:
deny log logamount 100 ip from any to any dst-port 67 keep-state
The log entry in /etc/security:
Apr 22 14:41:54 lizard kernel: ipfw: 2 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via fxp1
lizard# tcpdump -n -i fxp1 broadcast or host 192.168.1.2 and not arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp1, link-type EN10MB (Ethernet), capture size 96
14:41:54.026011 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:11:94:72:76, length: 548
14:41:54.026534 IP 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length: 351
The dhcp server sends the client an answer, even though ipfw seems to
reject the packet.
Is there any way to block the dhcp request from reaching the dhcp
tcpdump version 3.8.3
FreeBSD lizard 5.4-RC2 FreeBSD 5.4-RC2