And it makes perfect sense only if you can trust your dhcp server (runs chrooted and privilege separated :)
On 1/28/11, Greg Hennessy <[email protected]> wrote: > Could be talking complete nonsense here, but.... > > IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'll > be serviced before any filtering policy applies. > > > Greg > > >> -----Original Message----- >> From: [email protected] [mailto:owner-freebsd- >> [email protected]] On Behalf Of Michael >> Sent: 28 January 2011 9:20 AM >> To: [email protected] >> Subject: why "block quick on wlan0" doesn't stop DHCP? >> >> Hello, >> >> Here is my simple rule set: >> >> set loginterface wlan0 >> block log >> block quick on wlan0 >> >> Now I'm booting my 8.1-R box. After it's up and running with pf I'm >> powering on my wireless access point. >> >> After couple seconds my wlan0 is associated and receives it's IP >> address. I don't understand why was it not stopped by pf? >> And how can I tune my rules to be able to control DHCP conversation? >> >> Michael >> _______________________________________________ >> [email protected] mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "[email protected]" > -- Iñigo Ortiz de Urbina Cazenave http://www.twitter.com/ioc32 _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
