I see, so if dhcpd and pf weren't sharing the same interface, then I wouldn't 
have this problem.

I guess limiting dhcpd wouldn't be the best thing, but improving pf.  Is 
anyone working on adding such a feature to pf to make it block these kinds of 
requests?  Seems like it'd be helpful.  Otherwise, seems like that's somewhat 
of a security hole.

Jason

-----Original Message-----
 From: Can Erkin Acar <[EMAIL PROTECTED]>
 Sent: Friday 13 February 2004 00:24
 To: Jason <[EMAIL PROTECTED]>
 Subject: Re: PF block arp dhcp requests?

On Thu, Feb 12, 2004 at 10:36:27PM -0800, Jason wrote:
> Hi,
>
> I'm new to the list, and fairly new to OpenBSD (installed maybe 6 months
> ago). Anyway, I have a question.  Is there anywhere to get PF to stop arp
> requests from passing through it?  The problem I'm having is dhcp requests
> from Windows XP are squeezing by.  dhclient on Linux seems to not work
> (which is good).
>
> Here's my setup:
>
> I have two interfaces, rl0 and rl1.  rl1 is my wireless.  rl0 is my
> internal. I have dhcpd listening on both interfaces.  My test pf rules are:
>
> block in all
> block out all
>
> So nothing should get in or out.  period.  right?  Well, when I do an
> ipconfig /renew on Windows XP (wireless), it gets an IP address from dhcpd!
> And I know it came from my server because looking at /var/log/daemon confirms
> it (plus it's the only one on the network).  Is this the expected behavior? Or
> am I missing something here?

This is the expected behaviour.

> I did a tcpdump on rl1, and it was just a bunch of mac addresses talking
> back and forth.

This is exactly how dhcpd sees those packets. It uses bpf, just like tcpdump,
to capture packets from the interface. This is why pf is unable to
block it. You can work around this with dhcp configuration as you
already noted.

Can
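The workaround Can points at, with the interface names from the thread (rl0 internal, rl1 wireless), as an added example that is not part of the original mail exchange: since pf never sees the frames dhcpd reads through bpf, the control is to start dhcpd only on the interfaces it should serve. OpenBSD's dhcpd takes the interface names as trailing command-line arguments, so the internal-only startup line is `dhcpd rl0`. The small check below (my own helper, not anything shipped with OpenBSD) parses such a command line and confirms that the wireless interface is not among the served ones; it runs offline against the constructed command line it contains.

```shell
#!/bin/sh
# Added example: dhcpd started on the internal interface only, so that the
# wireless segment (rl1) gets no leases regardless of what pf allows.
# The interface names rl0/rl1 are those from the thread; the command line
# itself is a constructed sample.
DHCPD_CMDLINE="dhcpd -c /etc/dhcpd.conf rl0"   # rl1 deliberately omitted

# dhcpd_ifaces CMDLINE -> prints one served interface per line.
# Skips the program name, bare option flags, and the file arguments that
# follow -c (config file) and -l (lease file).
dhcpd_ifaces() {
    skip=0
    for w in $1; do
        if [ "$skip" = 1 ]; then
            skip=0
            continue
        fi
        case "$w" in
            dhcpd) ;;                  # program name
            -c|-l) skip=1 ;;           # option that takes a file argument
            -*) ;;                     # bare flag
            *) printf '%s\n' "$w" ;;   # interface name
        esac
    done
}

# served_on CMDLINE IFACE -> exit status 0 if dhcpd would answer on IFACE
served_on() {
    for i in $(dhcpd_ifaces "$1"); do
        [ "$i" = "$2" ] && return 0
    done
    return 1
}

# Defender's check: report whether the wireless interface would be served.
if served_on "$DHCPD_CMDLINE" rl1; then
    echo "WARNING: dhcpd would hand out leases on rl1 (wireless)"
else
    echo "ok: dhcpd serves only: $(dhcpd_ifaces "$DHCPD_CMDLINE" | tr '\n' ' ')"
fi
```

To apply the same check to a running system, replace the constructed `DHCPD_CMDLINE` with the actual dhcpd command line taken from `ps`; the parsing and the served_on test stay the same.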
