> Where are the details written up for how pf is bypassed by dhcpd and
> dhclient?
> Would that mean that the machine with dhcpd could still serve dhcp
> requests despite a filter ruleset like this:
>
> block in all
> pass out all
Damn right it will.
Where is it written up? In the manual pages. I can't believe
we are here in 2009 and people still believe they can get away
with being an idiot because they believe they are above doing
research:
From the dhclient manual page:
You must have the Berkeley Packet Filter (BPF) configured in your kernel.
dhclient requires at least one /dev/bpf* file for each broadcast network
interface that is attached to your system. See bpf(4) for more information.
See that last sentence?
From the bpf manual page:
The Berkeley Packet Filter provides a raw interface to data link layers
in a protocol-independent fashion. All packets on the network, even
those destined for other hosts, are accessible through this mechanism.
See that last sentence?
"All packets on the network".
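
An added example, not part of the original message: a defender's check that lists which processes hold a bpf(4) descriptor, since those processes read frames at the data link layer whatever the pf ruleset says. The helper names `bpf_holders` and `sample_fstat` are hypothetical, the sample lines are constructed, and the column layout is assumed to be the one documented in fstat(1).

```shell
#!/bin/sh
# Added example: find processes that have a bpf(4) device open.
# Assumes the file-descriptor layout documented in fstat(1):
#   USER CMD PID FD MOUNT INUM MODE R/W SZ|DV
# where SZ|DV holds the device name for character devices.

# bpf_holders (hypothetical helper): reads fstat output on stdin and
# prints one line per process/device pair that is a bpf character device.
bpf_holders() {
    awk 'NF >= 9 && $7 ~ /^c/ && $9 ~ /^bpf[0-9]*$/ {
             printf "%s pid=%s user=%s dev=%s\n", $2, $3, $1, $9
         }' | sort -u
}

# Constructed sample input, not captured from a real system.
sample_fstat() {
    cat <<'EOF'
USER     CMD          PID   FD MOUNT        INUM  MODE         R/W    SZ|DV
_dhcp    dhcpd       4211    6 /           51377  crw-------    rw     bpf0
_dhcp    dhclient    9120    5 /           51378  crw-------    rw     bpf1
root     sshd        3302    3* internet stream tcp 0x0 *:22
root     cron        1187    1 /               2  crw-rw-rw-    rw     null
root     syslogd     2044    4 /           60112  -rw-r--r--     w     81234
EOF
}

# On a live system: fstat | bpf_holders
sample_fstat | bpf_holders
```

Any process this reports should be one you expect to see raw frames; the pf ruleset is not what limits its view of the wire.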