On Sun, Feb 18, 2024 at 4:15 AM Marcus MERIGHI <mcmer-open...@tor.at> wrote:
> Hello,
>
> this is not to answer the original question, but...
>
> kgo...@gmail.com (Kenneth Gober), 2024.02.17 (Sat) 22:15 (CET):
> > On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes <luisvmen...@yandex.com> wrote:
> > > The interface ure0 is the gateway to the Internet, connected to the ISP.
> > > Somehow, when this interface loses the IP, the lease is not renewed.
> >
> > This is the rule I would use in my pf.conf to allow my router to send DHCP
> > requests to my ISP:
> >
> > pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any port bootps
>
> this is not necessary, because:
>
> "dhcpd reads packets off the wire using BPF, which happens as
> packets come off the network interface, but before the IP stack
> where pf runs."
> David Gwynne <da...@gwynne.id.au> 17 Dec 2022 <misc@openbsd.org>
> https://marc.info/?l=openbsd-misc&m=167128237931458
>
> Marcus

dhcpd(8) is the DHCP server. It listens for DHCP/BOOTP requests on the network.

The original question was about the DHCP client (dhcpleased(8) or dhclient(8)) and renewals, which are packets sent out to the network. Those packets do pass through pf when being sent (as far as I know) although at the other end whatever server you are sending to might be using BPF to read them.

It is true that dhcpleased(8) and dhclient(8) may use BPF to receive responses from DHCP servers, but you will never receive any response if your requests are blocked before they can even leave your machine.

This is why I have a 'pass out' rule. It is to allow DHCP requests to be sent *out* to the network.

-ken