dhclient
Bob Hall
rjhalljr at starpower.net
Wed Jul 2 21:43:06 PDT 2003
On Wed, Jul 02, 2003 at 10:19:16PM -0400, Lowell Gilbert wrote:
> "Bob Hall" <rjhalljr at starpower.net> writes:
> > The firewall is ipfw with the SIMPLE option. The modifications
> > to the firewall script for DHCP were
> > # Accept bootps (dhcp):
> > ${fwcmd} add allow udp from ${oip}/32 68 to 0.0.0.0/0 67 out
> > ${fwcmd} add allow udp from 0.0.0.0/0 67 to ${oip}/32 68 in
>
> That doesn't make any sense.
OK. Could you explain why? ipfw rules are still a bit of a black
art for me.
> How about:
> ${fwcmd} add allow udp from any to any bootps keep-state out via ${oif}
Allow any udp packet from any address to any address, provided it's
going out through oif. Is that correct? Does keep-state tell ipfw to
look for responses and let them in?
> You don't have an IP address yet,
When I run "ipfw show", the proper IP address is displayed in the two
rules. For example:
allow udp from <my external IP address> 68 to any 67 out
I take this to mean that I do have an IP address. Am I wrong?
> so you can't put an IP address into
> the rule, and the all-zeros address would be what *your* machine is
> using. You don't know the address of the server, so you have to leave
> that unspecified.
Thanks for the help. I will try replacing my rules with your suggestion,
as soon as I can disable the server briefly.
Bob Hall
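
Added example, not part of the original thread or of ipfw: a small Python model of static rule matching, run over a constructed DHCP exchange, showing which packets the two ${oip}-based rules quoted above would match and which the static part of the suggested rule would match. The addresses are documentation placeholders, server replies are assumed to be broadcast, and the replies that keep-state would admit are not modelled.

```python
import ipaddress

LEASED, SERVER = "192.0.2.10", "192.0.2.1"  # constructed documentation addresses

# Constructed DHCP exchange using RFC 2131 addressing (broadcast replies assumed).
# Fields: (name, direction, src, sport, dst, dport)
PACKETS = [
    ("DISCOVER",  "out", "0.0.0.0", 68, "255.255.255.255", 67),
    ("OFFER",     "in",  SERVER,    67, "255.255.255.255", 68),
    ("REQUEST",   "out", "0.0.0.0", 68, "255.255.255.255", 67),
    ("ACK",       "in",  SERVER,    67, "255.255.255.255", 68),
    ("RENEW",     "out", LEASED,    68, SERVER,            67),
    ("RENEW-ACK", "in",  SERVER,    67, LEASED,            68),
]

def rule(direction, src, sport, dst, dport):
    """Static allow rule; src/dst are CIDR strings, a port of None means any."""
    return (direction, ipaddress.ip_network(src), sport,
            ipaddress.ip_network(dst), dport)

# The two rules from the thread, with ${oip} expanded to the leased address.
ORIGINAL = [
    rule("out", LEASED + "/32", 68, "0.0.0.0/0", 67),
    rule("in", "0.0.0.0/0", 67, LEASED + "/32", 68),
]

# Static part of the suggested rule: udp from any to any bootps, outbound.
SUGGESTED = [rule("out", "0.0.0.0/0", None, "0.0.0.0/0", 67)]

def matches(r, pkt):
    """True if the packet's direction, addresses and ports all satisfy the rule."""
    direction, src_net, sport, dst_net, dport = r
    _, p_dir, p_src, p_sport, p_dst, p_dport = pkt
    return (direction == p_dir
            and ipaddress.ip_address(p_src) in src_net
            and ipaddress.ip_address(p_dst) in dst_net
            and sport in (None, p_sport)
            and dport in (None, p_dport))

def allowed(ruleset, packets=PACKETS):
    """Names of the packets that at least one rule in the set allows."""
    return [p[0] for p in packets if any(matches(r, p) for r in ruleset)]

if __name__ == "__main__":
    print("original rules allow: ", allowed(ORIGINAL))
    print("suggested rule allows:", allowed(SUGGESTED))
```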