Netgate Discussion Forum

Disabling bootp?

  • D
    Derelict LAYER 8 Netgate
    last edited by Aug 8, 2014, 4:52 AM

    I recently turned up a fairly busy DHCP server and have noticed about a dozen of these leases have appeared over the last week or so:

    
    lease 10.0.119.114 {
      starts 0 2014/07/27 18:43:22;
      ends never;
      cltt 0 2014/07/27 18:43:22;
      binding state active;
      next binding state free;
      rewind binding state free;
      hardware ethernet f4:1b:df:23:45:67;
    }
    
    

    Looks like those are the result of bootp requests, not dhcpd.  I can imagine those eventually consuming my available pool.

    I see that if you enable CARP/failover, the "deny dynamic bootp clients;" directive is added to the pool(s).  Is there a way to get this directive into a pool without failover?

    What, if any, unintended consequences might I see by doing so (other than bootp failing)?

    Chattanooga, Tennessee, USA
    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
    Do Not Chat For Help! NO_WAN_EGRESS(TM)
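
As an added example (not part of the original post, and not pfSense code): a small Python audit that reads dhcpd.leases text and lists active leases with `ends never`, the pattern the post above attributes to BOOTP requests, and reports how much of an address range they hold. The sample data, the function names and the 10.0.119.100-199 range are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample (one lease per line for brevity). The first entry repeats the
# lease quoted in the post; the rest are invented to exercise the parser.
SAMPLE_LEASES = """
lease 10.0.119.114 { starts 0 2014/07/27 18:43:22; ends never; binding state active; next binding state free; hardware ethernet f4:1b:df:23:45:67; }
lease 10.0.119.20 { starts 1 2014/07/28 09:00:00; ends 1 2014/07/28 11:00:00; binding state active; hardware ethernet 00:11:22:33:44:55; client-hostname "laptop"; }
lease 10.0.119.30 { starts 2 2014/07/29 08:00:00; ends never; binding state active; hardware ethernet 00:11:22:33:44:66; }
lease 10.0.119.30 { starts 3 2014/07/30 08:00:00; ends 3 2014/07/30 10:00:00; binding state free; hardware ethernet 00:11:22:33:44:66; }
lease 10.0.119.9 { starts 4 2014/07/31 08:00:00; ends never; binding state active; hardware ethernet 00:11:22:33:44:77; }
"""

LEASE_RE = re.compile(r"^\s*lease\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted values may hold ';' or '}'
KEYS = ("ends", "binding state", "hardware ethernet")

def parse_leases(text):
    """Return {ip: fields}. dhcpd appends to the file, so the last entry per IP wins."""
    latest = {}
    for ip, body in LEASE_RE.findall(QUOTED_RE.sub('""', text)):
        entry = {"ip": ip}
        for stmt in (s.strip() for s in body.split(";")):
            for key in KEYS:
                if stmt.startswith(key + " "):
                    entry[key] = stmt[len(key):].strip()
        latest[ip] = entry
    return latest

def never_expiring(text):
    """Active leases with 'ends never', sorted numerically by address."""
    hits = [e for e in parse_leases(text).values()
            if e.get("ends") == "never" and e.get("binding state") == "active"]
    return sorted(hits, key=lambda e: ip_address(e["ip"]))

def pool_share(text, first, last):
    """Fraction of the range first..last held by never-expiring leases."""
    lo, hi = ip_address(first), ip_address(last)
    held = [e for e in never_expiring(text) if lo <= ip_address(e["ip"]) <= hi]
    return len(held) / (int(hi) - int(lo) + 1)

if __name__ == "__main__":
    for lease in never_expiring(SAMPLE_LEASES):
        print(lease["ip"], lease.get("hardware ethernet", "?"))
    print("share of 10.0.119.100-199:", pool_share(SAMPLE_LEASES, "10.0.119.100", "10.0.119.199"))
```

Feed it the contents of your own dhcpd.leases file in place of the sample; a lease that was later released or rewritten with an expiry is not reported, because only the newest entry per address is considered.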

    • M
      markuhde
      last edited by Jan 25, 2015, 1:19 AM

      Same thing, I occasionally get a handful of these never-ending BOOTP leases and would love to know a way to prevent them from being created.

      • F
        fsansfil
        last edited by Jan 25, 2015, 8:04 PM

        I constantly get some BOOTREPLY. The only way I found to block them is to add the IP in INTERFACE WAN "Reject Leases From". It will then reject the BOOTREPLY, DHCPOFFER and DHCPACK from that IP.

        Problem is, how can I reject leases and BOOTREPLY from more than one IP? I can't seem to add more than one IP in the input box. Or can I accept leases only from a single IP, then reject all the others?

        F.

        • C
          cmb
          last edited by Jan 29, 2015, 8:34 AM

          If you have a number of things requesting BOOTP, it could eventually take up your entire scope. BOOTP is very rare in most networks though. Short of hacking /etc/inc/services.inc, there isn't a way to disable it. It's only a matter of removing one line though, right above the line containing "deny dynamic bootp", delete this line:

          if($poolconf['failover_peerip'] <> "")

          Then it'll always add the "deny dynamic bootp" line. Probably something we should have a means of configuring as an advanced option at some point.

          • P
            phil.davis
            last edited by Jan 30, 2015, 5:34 PM

            This seems a useful advanced option to have, so I added a feature request in Redmine: https://redmine.pfsense.org/issues/4351

            Given use of bootp is the less usual case, perhaps disabling bootp in DHCP server should be the default in a new install?

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            • D
              Derelict LAYER 8 Netgate
              last edited by Jan 30, 2015, 6:25 PM

              Seems to me the culture of pfSense when something like this is encountered is to provide the GUI widget and leave the default alone so when people upgrade as little behavior as possible changes.

              So I suggest a "disable responses to bootp requests" checkbox or something, or an advanced config textarea, etc.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              • C
                cmb
                last edited by Jan 30, 2015, 6:58 PM

                @Derelict:

                Seems to me the culture of pfSense when something like this is encountered is to provide the GUI widget and leave the default alone so when people upgrade as little behavior as possible changes.

                So I suggest a "disable responses to bootp requests" checkbox or something, or an advanced config textarea, etc.

                Yeah that'd be the proper approach. While rare these days, there are some devices that use BOOTP out there, and disabling it by default would cause havoc for some. That's the type of thing we don't change by default, but could add something to allow people to change it if they want.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.