Refuse RFC1918 offers on DHCP WAN



  • On 2.3.x, if I want to reject DHCP offers from 192.168.100.0/24 how should that be entered?
    When I try to enter it like this, it gets rejected for syntax:



  • Rebel Alliance Developer Netgate

    I split this off since the other post was 3 years old and this is a different question.

    You don't need to reject the entire subnet, just the DHCP server in that subnet, which is probably your modem at 192.168.100.1



  • Thanks Jim.  Ok, I know in a past version (maybe 2.2 or 2.1) it did accept a subnet there.  If it only accepts individual IPs now, the wording beneath the field should remove the "…place the IP address or subnet of the DHCP server…" since that is a bit confusing.


  • LAYER 8 Global Moderator

    So you cannot use a subnet?  What if your ISP has a bunch of DHCP servers on the same subnet you want to block and only accept IP from a different set of DHCP servers?

    I agree with luckman212: if you cannot use a subnet in some form of /cidr or whatever, then the "or subnet" should prob be removed from the description ;)


  • Rebel Alliance Developer Netgate

    The text probably needs to be corrected. It may have allowed the entry before but I don't think it worked. According to the man page it only takes an IP address.

    reject ip-address;
        The reject statement causes the DHCP client to reject offers from
        servers who use the specified address as a server identifier.
        This can be used to avoid being configured by rogue or misconfig-
        ured DHCP servers, although it should be a last resort - better
        to track down the bad DHCP server and fix it.
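
Added example, not part of the thread and not pfSense's own code: a minimal Python check that accepts only single IPv4 addresses for the reject field and renders the `reject ip-address;` statements quoted above. The comma-separated field format, the function names and the sample addresses other than 192.168.100.1 are assumptions made for illustration.

```python
import ipaddress


def parse_reject_field(field):
    """Return the single IPv4 addresses in a comma-separated field (assumed format).

    Raises ValueError for anything else, e.g. 192.168.100.0/24, because the
    quoted man page documents `reject ip-address;` only.
    """
    servers = []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.IPv4Address(entry)
        except ipaddress.AddressValueError:
            raise ValueError(f"not a single IPv4 address: {entry!r}") from None
        if addr not in servers:  # drop duplicates, keep input order
            servers.append(addr)
    return servers


def render_reject_lines(servers):
    """One `reject` statement per server, in the form shown in the man page."""
    return [f"reject {addr};" for addr in servers]


def offer_is_rejected(server_identifier, servers):
    """Model of the man page text: an offer is refused only when its server
    identifier equals a listed address exactly; subnets are not considered."""
    return ipaddress.IPv4Address(server_identifier) in servers


if __name__ == "__main__":
    rejected = parse_reject_field("192.168.100.1")  # modem address from the thread
    print("\n".join(render_reject_lines(rejected)))
    # Constructed sample server identifiers, not captured traffic.
    for sid in ("192.168.100.1", "192.168.100.2", "203.0.113.1"):
        print(sid, "rejected" if offer_is_rejected(sid, rejected) else "accepted")
    try:
        parse_reject_field("192.168.100.0/24")
    except ValueError as exc:
        print("refused entry:", exc)
```

A server at another address in the same /24 is still accepted, so every server to be refused has to be listed individually.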


  • Rebel Alliance Developer Netgate

    I pushed a change to fix the description so that it only lists IP address, not subnet.



  • Thanks!  I was about to submit my own PR but as I was about to push it, I noticed that you had already changed the text ;)

