> Where are the details written up for how pf is bypassed by dhcpd and
> dhclient?
> Would that mean that the machine with dhcpd could still serve dhcp
> requests despite a filter ruleset like this:
>
> block in all
> pass out all

Damn right it will.

Where is it written up? In the manual pages. I can't believe we are here in 2009 and people still believe they can get away with being an idiot because they believe they are above doing research:

From the dhclient manual page:

    You must have the Berkeley Packet Filter (BPF) configured in your
    kernel. dhclient requires at least one /dev/bpf* file for each
    broadcast network interface that is attached to your system. See
    bpf(4) for more information.

See that last sentence?

From the bpf manual page:

    The Berkeley Packet Filter provides a raw interface to data link
    layers in a protocol-independent fashion. All packets on the
    network, even those destined for other hosts, are accessible
    through this mechanism.

See that last sentence? "All packets on the network".