Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
From: Steven M. Bellovin <>
Date: 01/06/2002 14:24:31
In message <>, Mipam writes:
>> 68/udp     open        bootpc
>This is because dhcp listens on bpf which is before ipf (seen from
>ip stack and so also not through ipf which listens in front of the ip stack.

Run dhcpd only on the inside interface.  It may still be possible to 
send it packets via hand-crafted stuff by someone on the outside LAN, 
but it should help.

		--Steve Bellovin,
