pf.conf and cable modem
alex at schnarff.com
alex at schnarff.com
Wed Feb 28 17:44:23 UTC 2007
Quoting RW <fbsd06 at mlists.homeunix.com>:
> On Tue, 27 Feb 2007 14:55:55 -0800
> "Josh Carroll" <josh.carroll at gmail.com> wrote:
>
>> > I am converting from DSL to RoadRunner this week and wondering if
>> > there is anything special I need to do to my pf.conf for passing
>> > DHCP into my NIC?
>>
>> I think all you'll need is:
>>
>> pass in quick on $ext_if proto udp from any port 67 to any port 68
>> keep state
>>
>
> When I used DHCP with PF, I found that it just worked without any rules
> at all.
That's been my experience as well (admittedly on OpenBSD, but it's
basically the same PF). Remember, your NIC's initialization sequence,
which is where the DHCP request will come, happens before PF is
enabled, so you're essentially at a "pass all" sort of a state when the
request happens.
The one thing to keep in mind is that if you're doing, say, NAT for
some clients behind the box, you can use a rule like this to deal with
any changes in your dynamic IP (which should be extremely rare -- on
Comcast I've had one IP change in 1.5 years, and that was because I was
down for a significant chunk of time):
nat on $ext_if from $int_if:network to any -> (nfe0)
The "(nfe0)" here says "use the IP address of the nfe0 interface,
instead of requiring you to specify the address manually.
HTH,
Alex Kirk
More information about the freebsd-questions
mailing list