Re: blocking DHCP requests



* Daniel Hartmeier <[email protected]> [2004-10-04 18:28]:
> On Mon, Oct 04, 2004 at 08:29:06AM +0200, Björn Ketelaars wrote:
> 
> > A simple solution to this problem would be to remove wi0 from
> > dhcpd.interfaces, but I wonder; is it 'wise' to give daemons the option to
> > 'bypass' pf?
> 
> It boils down to whether you want bpf to see incoming packets before they hit
> the packet filter, or afterwards. The behaviour is the same for all
> kinds of bpf listeners, whether they're daemons or not.
> 
> All packet filters I know of are placed after bpf on the input path. That
> way, tcpdump (one of the most obvious bpf listeners) shows you packets as they
> arrive at the network interface, before pf might block or modify them.

And I want to add one more: you need to be root to open such a bpf
descriptor. Think about it... if you're root, you can as well run
pfctl -d.