hello, 

barbarosb...@gmail.com (Barbaros Bilek), 2022.12.17 (Sat) 15:07 (CET):
> On Sat, Dec 17, 2022 at 4:40 PM Cristian Danila <clau...@postmail.ro> wrote:
> > Thanks for the provided info, now it makes sense about what is happening.
> > Any idea about a possible way to control these packets?
> > Still investigating, but I have not yet found a way to do it.
> > Thank you.
>
> Hello Cristian,
> If you put your physical interface into veb(4) and set the link1 flag, you can
> filter DHCP packets.
> For more, please read man veb.
> Have a nice weekend.
> Barbaros

tcpdump(8)'s -B switch might work, too.

But beware. dlg@ already answered but he did not mention this, although
he committed it and said:

        support configuring BIOCSFILDROP with tcpdump.

        this allows tcpdump to be used as a quick and dirty firewall. it
        also looks like an amazing foot-gun, so be careful.

        for example `tcpdump -B drop -i ix1 udp and port 7` lets you
        completely drop discard packets in the hardware interrupt
        handler.
        [ I minimally edited the line flow. ]

https://cvsweb.openbsd.org/src/usr.sbin/tcpdump/tcpdump.c?rev=1.89&content-type=text/x-cvsweb-markup

I've not used this option, just saying...

Marcus

> > On Sat, Dec 17, 2022 at 3:11 PM David Gwynne <da...@gwynne.id.au> wrote:
> > >
> > > dhcpd reads packets off the wire using BPF, which happens as packets
> > > come off the network interface, but before the IP stack where pf runs.
> > >
> > > > On 17 Dec 2022, at 22:40, Cristian Danila <clau...@postmail.ro> wrote:
> > > >
> > > > Good day!
> > > > I finished setting up a DHCP server, and for some reason it seems the
> > > > DHCP server is ignoring the PF filter.
> > > > In short, in PF I have active only one rule:
> > > > block drop quick all
> > > >
> > > > Double-checked PF and it is enabled.
> > > > So, using a Windows machine to test the DHCP server:
> > > > 1) ifconfig /release
> > > > 2) ifconfig /renew
> > > >
> > > > Somehow dhcpd still serves the Windows machine (only when it is enabled)
> > > > and ignores the PF rule.
> > > > Could you please help me by telling me whether dhcpd has some intended
> > > > logic to ignore PF, or what might cause this unexpected behavior?
> > > >
> > > > Kind Regards!
> > > >
> > >
> >
> >
