Subject: Re: simple ipfilter-question
To: Matthias Scheler <tron@zhadum.org.uk>
From: Petar Bogdanovic <p.netbsd@2005.smokva.net>
List: netbsd-users
Date: 01/02/2006 21:15:42

Matthias Scheler wrote:
> On Mon, Jan 02, 2006 at 04:50:02PM +0100, Petar Bogdanovic wrote:
>> I assume that there is a reason behind this.
>
> Yes, IP Filter is a filter for the IP protocol. BPF is a low level
> interface which receives packets before processing of the packet
> (including IP) has even been started by the kernel. And that's
> a useful feature because it allows you e.g. to use "tcpdump" to
> have a look at all incoming packets before firewall rules are applied.

The bpf(4) use of dhcpd seems not to be indisputable:

http://mail-index.netbsd.org/tech-security/2002/01/05/0000.html

However, I don't know what happened in the meantime.

Thanks anyway!

Petar