PF and DHCP
Boris Kochergin
spawk at acm.poly.edu
Wed Oct 28 16:33:33 UTC 2009
Jonathan Belson wrote:
> Hiya
>
> I have a server which acts as a gateway between the internet and my
> internal network. The external interface receives its IP address via
> DHCP. I set up pf.conf to allow DHCP packets via ports 67/68, but I
> notice that when the server boots, the DHCP exchange happens /before/
> PF gets started.
>
> Does this mean that adding rules for DHCP isn't necessary (my firewall
> rules are block in/pass out, with a bit of NAT thrown in)?

To address just this question, it is a good idea to leave the rules that
allow DHCP in there, as the DHCP client will need to renew its lease
later, while the firewall is running.

-Boris

> Does this mean that when my machine boots, there's a window between
> the interfaces coming up and the firewall being enabled?
>
> Thanks,
>
> --Jon