> Does your dhcpd server listen on wi0 ? > > /Sigfred > > > On Saturday 02 October 2004 18.28, you wrote: >> I'm trying to block wireless clients in using my DHCP-server. The >> problem is that these clients are still able to retrieve IP-information >> from the DHCP-server. If I understand the hereby included pf.conf, >> everything (except UDP domain and TCP ssh) is blocked into entering >> $wir_if (which comes from $wir_if:network). Doesn't this also mean that >> an DHCP-request is blocked? Any suggestions in what I'm missing? >> >
Hello, Indeed does the DHCP-server listen on wi0...If I understand correctly now the DHCP daemon is written to use pcap instead of network sockets. This means that the offers send out by the daemon can not be filtered(?) . Quote from another user... "I know that the dhcp* subsystem, was fundamentally written using pcap, so that it did not use normal network sockets to request and accept answers, at least I know that the dhcpclient worked this way for sure. I'm not sure that the dhcpd daemon worked this way, so this is something that deserves some follow-up... The dhcpclient in OpenBSD changed this in 3.5, I know because I had to put pf rules in place for the client to work on my DSL public interface. The dhcpd server may well use proper sockets at this time..." A simple solution to this problem would be to remove wi0 from dhcpd.interfaces, but I wonder; is it 'wise' to give daemons the option to 'bypass' pf?