    Refuse RFC1918 offers on DHCP WAN

    • luckman212
      luckman212 last edited by

      On 2.3.x, if I want to reject DHCP offers from 192.168.100.0/24 how should that be entered?
      When I try to enter it like this, it gets rejected for syntax:


      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        I split this off since the other post was 3 years old and this is a different question.

        You don't need to reject the entire subnet, just the DHCP server in that subnet, which is probably your modem at 192.168.100.1.

        • luckman212
          luckman212 last edited by

          Thanks Jim.  Ok, I know in a past version (maybe 2.2 or 2.1) it did accept a subnet there.  If it only accepts individual IPs now, the wording beneath the field should remove the "…place the IP address or subnet of the DHCP server…" since that is a bit confusing.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            So you cannot use a subnet?  What if your ISP has a bunch of DHCP servers on the same subnet you want to block and only accept IP from a different set of DHCP servers?

            I agree with luckman212, if you cannot use a subnet in some form of /cidr or whatever then the "or subnet" should prob be removed from the description ;)
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              The text probably needs to be corrected. It may have allowed the entry before but I don't think it worked. According to the man page it only takes an IP address.

              reject ip-address;
                  The reject statement causes the DHCP client to reject offers from
                  servers who use the specified address as a server identifier.
                  This can be used to avoid being configured by rogue or
                  misconfigured DHCP servers, although it should be a last resort -
                  better to track down the bad DHCP server and fix it.

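Added example, not part of the thread and not pfSense or dhclient code: a Python check that turns a list of entries into `reject ip-address;` statements in the man-page form quoted above, reports subnet entries as errors, and models the documented exact match on the server identifier. The function names and the sample entries are assumptions made for this illustration.

```python
import ipaddress


def parse_reject_entries(entries):
    """Split entries into usable IPv4 addresses and error messages."""
    addrs, errors = [], []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        if "/" in entry:
            # The man-page form is `reject ip-address;`, so a subnet is an error.
            errors.append(f"{entry}: subnet given, expected the DHCP server's address")
            continue
        try:
            addr = ipaddress.IPv4Address(entry)
        except ipaddress.AddressValueError:
            errors.append(f"{entry}: not a valid IPv4 address")
            continue
        if addr not in addrs:  # drop duplicates, keep input order
            addrs.append(addr)
    return addrs, errors


def render_reject_statements(addrs):
    """Emit one `reject ip-address;` statement per address."""
    return [f"reject {addr};" for addr in addrs]


def offer_rejected(server_identifier, addrs):
    """Model of the documented behaviour: exact match on the server identifier."""
    return ipaddress.IPv4Address(server_identifier) in addrs


# Constructed sample input (the screenshot from the first post is not on the page).
SAMPLE = ["192.168.100.0/24", "192.168.100.1", " 192.168.100.1 ", "10.0.0.256"]

if __name__ == "__main__":
    addrs, errors = parse_reject_entries(SAMPLE)
    for line in render_reject_statements(addrs):
        print(line)
    for err in errors:
        print("error:", err)
    # A second server on the same subnet is not covered by the single entry.
    print(offer_rejected("192.168.100.1", addrs), offer_rejected("192.168.100.2", addrs))
```
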
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                I pushed a change to fix the description so that it only lists IP address, not subnet.

                • luckman212
                  luckman212 last edited by

                  Thanks!  I was about to submit my own PR but as I was about to push it, I noticed that you had already changed the text ;)
