why "block quick on wlan0" doesn't stop DHCP?

Greg Hennessy Greg.Hennessy at nviz.net
Fri Jan 28 16:38:45 UTC 2011


Too true. 

> -----Original Message-----
> From: Iñigo Ortiz de Urbina [mailto:inigoortizdeurbina at gmail.com]
> Sent: 28 January 2011 11:34 AM
> To: Greg Hennessy; freebsd-pf at freebsd.org
> Subject: Re: why "block quick on wlan0" doesn't stop DHCP?
> 
> And it makes perfect sense only if you can trust your dhcp server
> (runs chrooted and privilege separated :)
> 
> On 1/28/11, Greg Hennessy <Greg.Hennessy at nviz.net> wrote:
> > Could be talking complete nonsense here, but....
> >
> > IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'll
> > be serviced before any filtering policy applies.
> >
> >
> > Greg
> >
> >
> >> -----Original Message-----
> >> From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On Behalf Of Michael
> >> Sent: 28 January 2011 9:20 AM
> >> To: freebsd-pf at freebsd.org
> >> Subject: why "block quick on wlan0" doesn't stop DHCP?
> >>
> >> Hello,
> >>
> >> Here is my simple rule set:
> >>
> >> set loginterface wlan0
> >> block log
> >> block quick on wlan0
> >>
> >> Now I'm booting my 8.1-R box. After it's up and running with pf I'm
> >> powering on my wireless access point.
> >>
> >> After a couple of seconds my wlan0 is associated and receives its IP
> >> address. I don't understand why it was not stopped by pf.
> >> And how can I tune my rules to be able to control DHCP conversation?
> >>
> >> Michael
> >
> 
> 
> --
> Iñigo Ortiz de Urbina Cazenave
> http://www.twitter.com/ioc32

