Claudio Jeker wrote:
> Neither dhcpd nor dhclient need any pass rules in pf. Both tools use bpf
> to steal the packets before they're checked by pf.
I see that has been there for a while.
Now that I look I see that dhcpd can add addresses to a PF table using
the argument -L. Useful!
Where are the details written up for how pf is bypassed by dhcpd and
dhclient?
Would that mean that the machine with dhcpd could still serve dhcp
requests despite a filter ruleset like this:
block in all
pass out all
Regards,
/Lars
