Why did ipfw neither filter nor log DHCP packets?

Willy Offermans Willy at Offermans.Rompen.nl
Mon Jan 5 11:47:35 UTC 2015


Hello Olivier and FreeBSD friends,

On Mon, Jan 05, 2015 at 11:33:18AM +0100, Olivier Cochard-Labbé wrote:
> I'm using a pretty simple configuration:
> 
> My rc.conf:
> ifconfig_sis0="DHCP"
> firewall_enable="YES"
> firewall_logging="YES"
> firewall_script="/etc/ipfw.rules"
> 
> My /etc/ipfw.rules:
> #!/bin/sh
> fwcmd="/sbin/ipfw -q"
> ${fwcmd} -f flush
> ${fwcmd} add pass ip from any to any via lo0
> ${fwcmd} add deny log ip from any to any
> 
> But after a reboot this machine is still able to get an IP address by DHCP
> and nothing (related to DHCP) is logged on the firewall:
> 
> [root at wrap]~# ifconfig sis0
> sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=83808<VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,LINKSTATE>
>         ether 00:0d:b9:02:76:58
>         inet 192.168.100.68 netmask 0xffffff00 broadcast 192.168.100.255
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> 
> [root at wrap]~# ipfw show
> 00100 0    0 allow ip from any to any via lo0
> 00200 4 1631 deny log ip from any to any
> 65535 0    0 deny ip from any to any
> 
> [root at wrap]~# cat /var/log/security
> Jan  1 01:16:45 wrap newsyslog[923]: logfile first created
> Jan  1 01:17:18 wrap kernel: ipfw: 200 Deny UDP 192.168.100.254:138 192.168.100.255:138 in via sis0
> Jan  1 01:17:18 wrap kernel: ipfw: 200 Deny UDP 192.168.100.254:138 192.168.100.255:138 in via sis0
> 
> I've got the same behavior on FreeBSD 8.2 and 11.0-CURRENT r275821.
> 
> Are DHCP packets excluded from the filtering/logging engine of ipfw?
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

I guess that the dhcp daemon is started before the firewall is started or, better,
before the firewall rules are applied.

-- 
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Wiel

*************************************
 W.K. Offermans
Home:   +31 45 544 49 44
Mobile: +31 681 15 87 68
Mobile: +49 1575 414 60 55
e-mail: Willy at Offermans.Rompen.nl
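To make the "nothing related to DHCP is logged" observation from the quoted question checkable rather than eyeballed, here is a small parser for the ipfw kernel log lines shown in /var/log/security above. This is an added example, not code from this thread or from FreeBSD's own tools. It assumes the IPv4 log format visible in the quoted output (rule number, action, protocol, source, destination, direction, interface); the two UDP/138 lines are copied from the quoted log, while the DHCP and ICMP sample lines are constructed to show what a DHCP DISCOVER or a ping would look like if rule 200 had seen them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the kernel's ipfw log line after the syslog prefix, e.g.
#   ipfw: 200 Deny UDP 192.168.100.254:138 192.168.100.255:138 in via sis0
# For TCP/UDP the endpoints are "addr:port"; ICMP and other protocols log
# bare addresses (the protocol field then looks like "ICMP:8.0" or "P:47").
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)

# IPv4 endpoint with an optional ":port" suffix (IPv6 is not handled here).
IPV4_ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?$")

# DHCP uses UDP 67 (server) and 68 (client).
DHCP_PORTS = {67, 68}


@dataclass
class IpfwLogEntry:
    rule: int
    action: str
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    direction: str
    iface: str


def _split_endpoint(endpoint: str):
    """Split 'addr:port' into (addr, port); bare addresses get port None."""
    m = IPV4_ENDPOINT_RE.match(endpoint)
    if not m:
        return endpoint, None
    return m.group(1), (int(m.group(2)) if m.group(2) else None)


def parse_ipfw_line(line: str) -> Optional[IpfwLogEntry]:
    """Parse one syslog line; return None for lines that are not ipfw logs."""
    m = IPFW_RE.search(line)
    if not m:
        return None
    src_ip, src_port = _split_endpoint(m.group("src"))
    dst_ip, dst_port = _split_endpoint(m.group("dst"))
    return IpfwLogEntry(
        rule=int(m.group("rule")),
        action=m.group("action"),
        proto=m.group("proto"),
        src_ip=src_ip,
        src_port=src_port,
        dst_ip=dst_ip,
        dst_port=dst_port,
        direction=m.group("dir"),
        iface=m.group("iface"),
    )


def parse_ipfw_log(lines) -> List[IpfwLogEntry]:
    """Parse every ipfw line in an iterable of syslog lines, skipping the rest."""
    return [e for e in map(parse_ipfw_line, lines) if e is not None]


def is_dhcp(entry: IpfwLogEntry) -> bool:
    """True if the logged packet is DHCP (UDP to or from port 67/68)."""
    return entry.proto == "UDP" and (
        entry.src_port in DHCP_PORTS or entry.dst_port in DHCP_PORTS
    )


def dhcp_entries(lines) -> List[IpfwLogEntry]:
    """All logged DHCP packets; an empty list means ipfw never saw/logged one."""
    return [e for e in parse_ipfw_log(lines) if is_dhcp(e)]


# Constructed sample log: the first three lines mirror the quoted
# /var/log/security; the DHCP and ICMP lines are made up for illustration.
SAMPLE_LOG = """\
Jan  1 01:16:45 wrap newsyslog[923]: logfile first created
Jan  1 01:17:18 wrap kernel: ipfw: 200 Deny UDP 192.168.100.254:138 192.168.100.255:138 in via sis0
Jan  1 01:17:18 wrap kernel: ipfw: 200 Deny UDP 192.168.100.254:138 192.168.100.255:138 in via sis0
Jan  1 01:17:20 wrap kernel: ipfw: 200 Deny UDP 0.0.0.0:68 255.255.255.255:67 out via sis0
Jan  1 01:17:21 wrap kernel: ipfw: 200 Deny ICMP:8.0 192.168.100.254 192.168.100.68 in via sis0
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(f"ipfw entries: {len(parse_ipfw_log(lines))}")
    for e in dhcp_entries(lines):
        print(f"DHCP seen by rule {e.rule}: {e.src_ip}:{e.src_port} -> "
              f"{e.dst_ip}:{e.dst_port} {e.direction} via {e.iface}")
```

Run against the real file with `dhcp_entries(open("/var/log/security"))`: on the quoted system the result is empty, which confirms the question's observation that the logged traffic is only NetBIOS (UDP/138) and that the DHCP exchange never reached rule 200 at all, rather than being logged under a different rule number.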

