Re: blocking DHCP requests

On Mon, Oct 04, 2004 at 08:29:06AM +0200, Björn Ketelaars wrote:
> A simple solution to this problem would be to remove wi0 from
> dhcpd.interfaces, but I wonder; is it 'wise' to give daemons the option to
> 'bypass' pf?

It boils down to whether you want bpf to see incoming packets before they hit
the packet filter, or afterwards. The behaviour is the same for all
kinds of bpf listeners, whether they're daemons or not.

All packet filters I know of are placed after bpf on the input path. That
way, tcpdump (one of the most obvious bpf listeners) shows you packets as they
arrive at the network interface, before pf might block or modify them.