Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Automatic rules for DHCP client on $wan interface

    Scheduled Pinned Locked Moved
    Firewalling
    2
    2
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andrewp
      last edited by

      While browsing through rules.debug on RELENG_1_SNAPSHOT-07-23-2006 I came across following two
      rules for the $wan interface:

      block in log quick on $wan proto udp from any port = 67 to 192.168.2.0/24 port = 68 label "allow dhcp client out wan"

      pass in quick on $wan proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"

      It's not very clear to me why there is no similar block rule for the OPT1 (192.168.3.0/24) interface?
      What is the purpose of this block rule?
      And why they both commented as "allow dhcp client out wan"?

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        The rules label was incorrect.  That is now fixed.

        These rules where inherited from m0n0wall:

        allow our DHCP client out to the WAN

        XXX - should be more restrictive

        (not possible at the moment - need 'me' like in ipfw)

        pass out quick on $wanif proto udp from any port = 68 to any port = 67
        block in $log quick on $wanif proto udp from any port = 67 to $lansa/$lansn port = 68
        pass in quick on $wanif proto udp from any port = 67 to any port = 68

        1 Reply Last reply Reply Quote 0
        • stephenw10S stephenw10 referenced this topic on
        • stephenw10S stephenw10 referenced this topic on
        • stephenw10S stephenw10 referenced this topic on
        • stephenw10S stephenw10 referenced this topic on
        • First post
          Last post