Re: DHCP server ignoring PF rules?
hello, barbarosb...@gmail.com (Barbaros Bilek), 2022.12.17 (Sat) 15:07 (CET): > On Sat, Dec 17, 2022 at 4:40 PM Cristian Danila wrote: > > Thanks for the provided info, now it makes sense about what is happening. > > Any idea about a possible way to control these packets? > > Still investigating but I had still not found yet a way to do it. > > Thank you. > > Hello Cristian, > If you put your physical interface into veb(4) and set link1 flag you can > filter dhcp packets. > For more please read man veb > Have a nice weekend. > Barbaros tcpdump(8)'s -B switch might work, too. But beware. dlg@ already answered but he did not mention this, although he committed it and said: support configuring BIOCSFILDROP with tcpdump. this allows tcpdump to be used a quick and dirty firewall. it also looks like an amazing foot-gun, so be careful. for example `tcpdump -B drop -i ix1 udp and port 7` lets you completely drop discard packets in the hardware interrupt handler. [ I minimally edited the line flow. ] https://cvsweb.openbsd.org/src/usr.sbin/tcpdump/tcpdump.c?rev=1.89=text/x-cvsweb-markup I've not used this option, just saying... Marcus > > On Sat, Dec 17, 2022 at 3:11 PM David Gwynne wrote: > > > > > > dhcpd reads packets off the wire using BPF, which happens as packets > > come off the network interface, but before the IP stack where pf runs. > > > > > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > > > > > > > Good day! > > > > I finished setup an DHCP server and for some reason it seems DHCP > > > > server is ignoring PF filter. > > > > In short, in PF I have active only one rule: > > > > block drop quick all > > > > > > > > Double checked PF and it is enabled > > > > So using a windows machine to test DHCP server: > > > > 1) ifconfig /release > > > > 2) ifconfig /renew > > > > > > > > somehow dhcpd still serves the windows(only when is enabled) and > > > > ignores PF rule. > > > > Could you please help me in telling if dhcpd has some intended logic > > > > to ignore PF or what might > > > > cause this unexpected behavior? > > > > > > > > Kind Regards! > > > > > > > > > > >
Re: DHCP server ignoring PF rules?
I was just about thinking to it, I will try it. Many thanks and have a wonderful day! On Sat, Dec 17, 2022 at 4:07 PM Barbaros Bilek wrote: > > Hello Cristian, > > If you put your physical interface into veb(4) and set link1 flag you can > filter dhcp packets. > For more please read man veb > Have a nice weekend. > > -- > Best Regards > Barbaros > > > > On Sat, Dec 17, 2022 at 4:40 PM Cristian Danila wrote: >> >> Thanks for the provided info, now it makes sense about what is happening. >> Any idea about a possible way to control these packets? >> Still investigating but I had still not found yet a way to do it. >> >> Thank you. >> >> On Sat, Dec 17, 2022 at 3:11 PM David Gwynne wrote: >> > >> > dhcpd reads packets off the wire using BPF, which happens as packets come >> > off the network interface, but before the IP stack where pf runs. >> > >> > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: >> > > >> > > Good day! >> > > I finished setup an DHCP server and for some reason it seems DHCP >> > > server is ignoring PF filter. >> > > In short, in PF I have active only one rule: >> > > block drop quick all >> > > >> > > Double checked PF and it is enabled >> > > So using a windows machine to test DHCP server: >> > > 1) ifconfig /release >> > > 2) ifconfig /renew >> > > >> > > somehow dhcpd still serves the windows(only when is enabled) and >> > > ignores PF rule. >> > > Could you please help me in telling if dhcpd has some intended logic >> > > to ignore PF or what might >> > > cause this unexpected behavior? >> > > >> > > Kind Regards! >> > > >> > >>
Re: DHCP server ignoring PF rules?
Hello Cristian, If you put your physical interface into veb(4) and set link1 flag you can filter dhcp packets. For more please read man veb Have a nice weekend. -- Best Regards Barbaros On Sat, Dec 17, 2022 at 4:40 PM Cristian Danila wrote: > Thanks for the provided info, now it makes sense about what is happening. > Any idea about a possible way to control these packets? > Still investigating but I had still not found yet a way to do it. > > Thank you. > > On Sat, Dec 17, 2022 at 3:11 PM David Gwynne wrote: > > > > dhcpd reads packets off the wire using BPF, which happens as packets > come off the network interface, but before the IP stack where pf runs. > > > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > > > > > Good day! > > > I finished setup an DHCP server and for some reason it seems DHCP > > > server is ignoring PF filter. > > > In short, in PF I have active only one rule: > > > block drop quick all > > > > > > Double checked PF and it is enabled > > > So using a windows machine to test DHCP server: > > > 1) ifconfig /release > > > 2) ifconfig /renew > > > > > > somehow dhcpd still serves the windows(only when is enabled) and > > > ignores PF rule. > > > Could you please help me in telling if dhcpd has some intended logic > > > to ignore PF or what might > > > cause this unexpected behavior? > > > > > > Kind Regards! > > > > > > >
Re: DHCP server ignoring PF rules?
Thanks for the provided info, now it makes sense about what is happening. Any idea about a possible way to control these packets? Still investigating but I had still not found yet a way to do it. Thank you. On Sat, Dec 17, 2022 at 3:11 PM David Gwynne wrote: > > dhcpd reads packets off the wire using BPF, which happens as packets come off > the network interface, but before the IP stack where pf runs. > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > > > Good day! > > I finished setup an DHCP server and for some reason it seems DHCP > > server is ignoring PF filter. > > In short, in PF I have active only one rule: > > block drop quick all > > > > Double checked PF and it is enabled > > So using a windows machine to test DHCP server: > > 1) ifconfig /release > > 2) ifconfig /renew > > > > somehow dhcpd still serves the windows(only when is enabled) and > > ignores PF rule. > > Could you please help me in telling if dhcpd has some intended logic > > to ignore PF or what might > > cause this unexpected behavior? > > > > Kind Regards! > > >
Re: DHCP server ignoring PF rules?
dhcpd reads packets off the wire using BPF, which happens as packets come off the network interface, but before the IP stack where pf runs. > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > Good day! > I finished setup an DHCP server and for some reason it seems DHCP > server is ignoring PF filter. > In short, in PF I have active only one rule: > block drop quick all > > Double checked PF and it is enabled > So using a windows machine to test DHCP server: > 1) ifconfig /release > 2) ifconfig /renew > > somehow dhcpd still serves the windows(only when is enabled) and > ignores PF rule. > Could you please help me in telling if dhcpd has some intended logic > to ignore PF or what might > cause this unexpected behavior? > > Kind Regards! >
DHCP server ignoring PF rules?
Good day! I finished setup an DHCP server and for some reason it seems DHCP server is ignoring PF filter. In short, in PF I have active only one rule: block drop quick all Double checked PF and it is enabled So using a windows machine to test DHCP server: 1) ifconfig /release 2) ifconfig /renew somehow dhcpd still serves the windows(only when is enabled) and ignores PF rule. Could you please help me in telling if dhcpd has some intended logic to ignore PF or what might cause this unexpected behavior? Kind Regards!
