Hi Zack,
Very interesting reply.
I really do remember, under FreeBSD, I was getting similar "dmesg -a" output
reporting a DHCP permission denied issue, and finally
I solved it with a pass rule like:
"pass log quick on $ext_if proto udp from any to any port = 67 keep state"
in /usr/local/etc/pf.conf file.
And reading that DHCP traffic never makes its way to pf
surprised me. Perhaps that's valid only on OpenBSD but not on FreeBSD?
Anyways..
Zack Newman wrote:
Certainly could be. If this happens consistently around a particular
time, you can "live dangerously" and allow all traffic temporarily to
see if the issue is resolved. More safely, use tcpdump(8) to see if you
can find the problem.
> I tried to add:
> pass log quick on $ext_if proto udp from any to any port = 67
> in my pf.conf file, didn't help.
Completely useless. DHCP traffic never makes its way to pf(4) due to
being handled by bpf(4) first, so you don't need such a rule -- in fact
you could explicitly block such traffic, and it won't matter. Proof: