DHCP can't get an IP until I disable ipfilter. I have these two rules in my ipf.conf to let DHCP work.

pass out quick on nge0 proto udp from any to any port=67 keep state
pass in quick on nge0 proto udp from any to any port=68 keep state

I get an IP within a few seconds if I disable the firewall.

block in quick on nge0 proto tcp/udp from any to any port = 111
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on nge0 proto tcp from any to 206.253.33.130 port=53 flags S keep state
pass out quick on nge0 proto udp from any to 206.253.33.130 port=53 keep state
pass out quick on nge0 proto tcp from any to 206.253.33.131 port=53 flags S keep state
pass out quick on nge0 proto udp from any to 206.253.33.131 port=53 keep state
pass out quick on nge0 proto udp from any to any port=67 keep state
pass in quick on nge0 proto udp from any to any port=68 keep state
pass out quick on nge0 proto tcp from any to any port=80 flags S keep state
pass out quick on nge0 proto tcp from any to any port=443 flags S keep state
pass out quick on nge0 proto tcp from any to any port=110 flags S keep state
pass out quick on nge0 proto tcp from any to any port=25 flags S keep state
pass out quick on nge0 proto tcp from any to any port=21 flags S keep state
pass out quick on nge0 proto tcp from any to any port=22 flags S keep state
block out quick on nge0 all
block in quick on nge0 from 192.168.0.0/16 to any #RFC 1918 private IP
block in quick on nge0 from 172.16.0.0/12 to any #RFC 1918 private IP
block in quick on nge0 from 10.0.0.0/8 to any #RFC 1918 private IP
block in quick on nge0 from 127.0.0.0/8 to any #loopback
block in quick on nge0 from 0.0.0.0/8 to any #loopback
block in quick on nge0 from 169.254.0.0/16 to any #DHCP auto-config
block in quick on nge0 from 192.0.2.0/24 to any #reserved for docs
block in quick on nge0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on nge0 from 224.0.0.0/3 to any #Class D & E multicast
block in quick on nge0 all with frags
block in quick on nge0 proto tcp all with short
block in quick on nge0 all with opt lsrr
block in quick on nge0 all with opt ssrr
block in quick on nge0 proto tcp from any to any flags FUP
block in quick on nge0 all with ipopts

block in quick on nge0 proto icmp all icmp-type 8
block in quick on nge0 proto tcp from any to any port=113
block in quick on nge0 proto tcp/udp from any to any port = 137
block in quick on nge0 proto tcp/udp from any to any port = 138
block in quick on nge0 proto tcp/udp from any to any port = 139
block in quick on nge0 proto tcp/udp from any to any port = 81
block in quick on nge0 all

_______________________________________________
networking-discuss mailing list
[email protected]
