DHCP traffic does not appear in firewall logs
-
I have logging enabled on all my firewall rules and checked all the options for firewall logging on the settings page.
I connected a laptop to pfSense and it obtained an IP address via DHCP.
The firewall logs do not contain any DHCP entries for the requests and responses on ports 67 and 68. A packet capture does show the traffic.
Is there a way to get the DHCP entries into the pfSense firewall logs?
Also, any rules I set on ports 67 and 68 seem to have no effect. How can I get control of those ports so I can restrict and monitor DHCP connections?
Thanks
-
There are hidden rules for DHCP and other essential stuff to prevent people from locking themselves out.
You can see them with
pfctl -sr | grep "DHCP server"
I don't know if you can change any of that, but you can set restrictions on the DHCP server tab and see what's happening under Status / System Logs / DHCP.
What kind of restriction do you want to apply with a firewall rule?
-
I just want to see everything (all network traffic) in the logs and have control over all the rules. For example, locking down the rules to ensure only the correct router can be used can prevent the effects of ARP spoofing. I do that on my host so it can only connect to the correct router. I'll take a look at that. Thanks
-
Solved the logging issue. I did not yet test connectivity.
I added specific rules for ports 67 and 68 on the LAN interface for that specific network, except that I had to allow outbound on 68 to anywhere because it's broadcast. That caused the traffic to appear in the logs.
I do not understand why the catch-all deny rule didn't show the traffic. I had it set to capture any port, protocol, source or destination and log it.
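An added example (not from this thread or from pfSense) tying the hidden-rules explanation to the fix that worked: it reads rules in the format `pfctl -sr` prints, picks out the ones on UDP 67/68, and reports which lack the `log` keyword, since a matching rule without `log` writes nothing to the firewall log no matter what the catch-all rule says. The rule lines inside the script are constructed samples in pf syntax modelled on pfSense's ruleset, not output captured from a real box, and the interface name em1 and addresses are assumptions.

```shell
#!/bin/sh
# Audit a pf ruleset for DHCP rules (UDP 67/68) that carry no "log" keyword.
# A rule that matches first ("quick") without "log" consumes the packet
# silently, so the logged catch-all rule below it never sees DHCP traffic.
# Usage on a live box:  pfctl -sr | unlogged_dhcp_rules

# Constructed sample in pf syntax (assumption: interface em1, LAN 192.168.1.0/24).
# The first three mimic the hidden auto-generated rules; the next two mimic
# user rules added with logging enabled; the last is unrelated filler.
SAMPLE_RULES='pass in quick on em1 inet proto udp from any port = 68 to 255.255.255.255 port = 67 keep state label "allow access to DHCP server"
pass in quick on em1 inet proto udp from any port = 68 to 192.168.1.1 port = 67 keep state label "allow access to DHCP server"
pass out quick on em1 inet proto udp from 192.168.1.1 port = 67 to any port = 68 keep state label "allow access to DHCP server"
pass in log quick on em1 inet proto udp from 192.168.1.0/24 port = 68 to 192.168.1.1 port = 67 keep state label "USER_RULE: dhcp to lan gw"
pass out log quick on em1 inet proto udp from 192.168.1.1 port = 67 to any port = 68 keep state label "USER_RULE: dhcp reply"
pass in quick on em1 inet proto tcp from any to any port = 443 flags S/SA keep state label "USER_RULE: https"'

# Keep only rules that touch UDP port 67 or 68 (read from stdin).
dhcp_rules() {
    grep -E 'proto udp .*port = 6[78]( |$)'
}

# Of those, keep the rules with no "log" keyword; pf places "log" right after
# the direction, e.g. "pass in log quick", which is the form pfSense emits.
unlogged_dhcp_rules() {
    dhcp_rules | grep -Ev '^(pass|block|match) (in|out) log'
}

# Counters so the audit result can be checked rather than eyeballed.
count_unlogged() { printf '%s\n' "$SAMPLE_RULES" | unlogged_dhcp_rules | wc -l | tr -d ' '; }
count_logged()   { printf '%s\n' "$SAMPLE_RULES" | dhcp_rules | grep -Ec '^(pass|block|match) (in|out) log'; }

printf 'DHCP rules that will never log (%s):\n' "$(count_unlogged)"
printf '%s\n' "$SAMPLE_RULES" | unlogged_dhcp_rules
```

On a real pfSense box only the two user rules would show up as logged, which is the state the last post reached by adding explicit rules for 67/68.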