On Mon, Oct 04, 2004 at 08:29:06AM +0200, Björn Ketelaars wrote:

> A simple solution to this problem would be to remove wi0 from
> dhcpd.interfaces, but I wonder; is it 'wise' to give daemons the option to
> 'bypass' pf?

It boils down to whether you want bpf to see incoming packets before they hit the packet filter, or afterwards. The behaviour is the same for all kinds of bpf listeners, whether they're daemons or not. All packet filters I know of are placed after bpf on the input path. That way, tcpdump (one of the most obvious bpf listeners) shows you packets as they arrive at the network interface, before pf might block or modify them.

Daniel
