ipf.rules

Parv parv at pair.com
Tue Apr 12 20:55:44 PDT 2005


in message <000601c53fc3$e5367090$030a000a at CTU>,
wrote Francis Whittington thusly...
>
> # Allow out access to my ISP's DHCP server for cable or DSL networks.
...
> # Use the following rule and check log for IP address.
> # Then put IP address in commented out rule & delete first rule
> pass out log quick on dc0 proto udp from any to any port = 67 keep state
> #pass out quick on dc0 proto udp from any to z.z.z.z port = 67 keep state
> 
> How do I know which ip address I am looking for to put in place of
> "z.z.z.z. port= 67 keep state" in the rule that is saved.

Well, what does the log say, as explicitly indicated in your
supplied comments (marked w/ '#')?

To reiterate, 'z.z.z.z' is the address of your DHCP server.  You
will see it in the log as the (outside) host of which port 67
(bootps) is accessed (probably from address of 255.255.255.255).

(I do not know the default log file for ipf on 5.x; I have set it
manually in /etc/syslog.conf to be "ipf.log" (as the default was not
a special name which would have stood out (in /var/log)).)


  - Parv
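
The log check described in this message, as an added example that is not part of the original post: it reads ipmon-style log lines, counts the unicast hosts contacted on UDP port 67 (skipping the 255.255.255.255 broadcast), and prints the tightened rule from the quoted ruleset. The sample lines are constructed, the field layout is assumed to be ipmon's usual syslog output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample log lines are constructed (documentation addresses);
# the layout "time iface @group:rule action src,port -> dst,port PR proto ..."
# is assumed to match what ipmon writes through syslog.
sample_log() {
cat <<'EOF'
Apr 12 20:41:02 gw ipmon[214]: 20:41:01.512345 dc0 @0:12 p 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 K-S OUT
Apr 12 20:41:05 gw ipmon[214]: 20:41:04.101010 dc0 @0:12 p 192.0.2.57,68 -> 198.51.100.1,67 PR udp len 20 328 K-S OUT
Apr 12 20:50:11 gw ipmon[214]: 20:50:10.000001 dc0 @0:12 p 192.0.2.57,68 -> 198.51.100.1,67 PR udp len 20 328 K-S OUT
Apr 12 20:51:00 gw ipmon[214]: 20:51:00.222222 dc0 @0:9 p 192.0.2.57,1045 -> 203.0.113.5,53 PR udp len 20 60 K-S OUT
EOF
}

# dhcp_servers IFACE < logfile
# Prints "count address" for every unicast destination of UDP port 67
# traffic logged on IFACE, most frequent first.
dhcp_servers() {
    awk -v ifc="$1" '
    {
        # Locate the "->" separator; the other fields sit at fixed offsets
        # from it, whatever syslog prefix precedes the ipmon record.
        for (i = 5; i <= NF - 3; i++) {
            if ($i != "->") continue
            if ($(i - 4) != ifc || $(i + 2) != "PR" || $(i + 3) != "udp") break
            n = split($(i + 1), dst, ",")
            # Port may be numeric or, if ipmon resolves names, "bootps".
            if (n == 2 && (dst[2] == "67" || dst[2] == "bootps") &&
                dst[1] != "255.255.255.255")
                seen[dst[1]]++
            break
        }
    }
    END { for (a in seen) print seen[a], a }' | sort -rn
}

# tightened_rule IFACE ADDRESS
# Emits the rule from the quoted ruleset with z.z.z.z filled in and "log" dropped.
tightened_rule() {
    printf 'pass out quick on %s proto udp from any to %s port = 67 keep state\n' "$1" "$2"
}

# Demo on the constructed sample: list candidates, then print the rule.
sample_log | dhcp_servers dc0 | while read -r count addr; do
    echo "# seen $count time(s): $addr"
    tightened_rule dc0 "$addr"
done
```

On a real system, feed `dhcp_servers` the file that /etc/syslog.conf routes ipf messages to instead of `sample_log`.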

More information about the freebsd-questions mailing list