* Daniel Hartmeier <[EMAIL PROTECTED]> [2004-10-04 18:28]:
> On Mon, Oct 04, 2004 at 08:29:06AM +0200, Björn Ketelaars wrote:
>
> > A simple solution to this problem would be to remove wi0 from
> > dhcpd.interfaces, but I wonder; is it 'wise' to give daemons the option to
> > 'bypass' pf?
>
> It boils down to whether you want bpf to see incoming packets before they hit
> the packet filter, or afterwards. The behaviour is the same for all
> kinds of bpf listeners, whether they're daemons or not.
>
> All packet filters I know of are placed after bpf on the input path. That
> way, tcpdump (one of the most obvious bpf listeners) shows you packets as they
> arrive at the network interface, before pf might block or modify them.

and I want to add one more: you need to be root to open such a bpf descriptor. think about it... if you're root, you can as well run pfctl -d.
