[src/trunk]: src/etc/defaults Allow DHCP

[sevan <sevan%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/0dabce2e2101
branches:  trunk
changeset: 455582:0dabce2e2101
user:      sevan <sevan%NetBSD.org@localhost>
date:      Sun Apr 07 02:08:08 2019 +0000

description:
Allow DHCP
Neighbour Advertisement should be allowed both ways, otherwise
ipv6nd_sendadvertisement() from dhcpcd logs "Network is unreachable"

diffstat:

 etc/defaults/npf.boot.conf |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r a14d95a1b7bc -r 0dabce2e2101 etc/defaults/npf.boot.conf
--- a/etc/defaults/npf.boot.conf        Sun Apr 07 01:39:12 2019 +0000
+++ b/etc/defaults/npf.boot.conf        Sun Apr 07 02:08:08 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: npf.boot.conf,v 1.1 2019/04/02 01:50:32 sevan Exp $
+#      $NetBSD: npf.boot.conf,v 1.2 2019/04/07 02:08:08 sevan Exp $
 #
 # /etc/defaults/npf.boot.conf --
 #      initial configuration for npf(4)
@@ -25,11 +25,15 @@
 # (the DHCP server can be down or not responding).
 pass stateful out proto icmp icmp-type echo all
 
+# Allow DHCP
+pass out family inet4 proto udp from any port bootpc to any port bootps
+pass in family inet4 proto udp from any port bootps to any port bootpc
+
 # Allow IPv6 router/neighbor solicitation and advertisement.
 pass out  family inet6 proto ipv6-icmp icmp-type rtsol all
 pass in family inet6 proto ipv6-icmp icmp-type rtadv all
 pass out  family inet6 proto ipv6-icmp icmp-type neighsol all
-pass in family inet6 proto ipv6-icmp icmp-type neighadv all
+pass family inet6 proto ipv6-icmp icmp-type neighadv all
 
 # Enable CARP, to avoid spurious failovers.
 pass proto carp all