netbsd-users: Re: IPF (and DHCP)

Subject: Re: IPF (and DHCP)
To: Jan Danielsson <jan.danielsson@gmail.com>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-users
Date: 07/18/2005 18:40:38

On Sun, Jul 17, 2005 at 11:00:00PM +0200, Jan Danielsson wrote:
>

Just chopping out the problematic bit:

> # Allow incoming ssh, and keep its state
> block out quick on ep0 all

> # dhclient
> pass out quick on ep0 proto udp from any to any port = 67 keep state
> keep frags

The dhcp request going out ep0 will get blocked by the first rule. As it
is marked quick, it will never reach the second one..

Cheers,

Patrick