Re: pf rule help needed

["Steven N. Fettig" <openbsd_(_at_)_stevenfettig_(_dot_)_com>]

Jason Opperisano wrote:

> On Sat, 2005-02-12 at 19:26, Aaron Jackson wrote:
>  
>
> > That is impossible.  You need an ip address before you can send or 
> > receive udp packets.  If I remember correctly, and I'm not making any 
> > guarantees, DHCP requests are similar to arp requests and therefore are 
> > not routable (i.e. DHCP requests usually don't make it past a router 
> > unless they are encapsulated first).
> >    
>
> and this backs up the argument that DHCP uses TCP how exactly?
>
>  
>
> > I admit I didn't read the beginning of this thread 
> >    
>
> ah--'nuff said.  thanks for you valuable input.
>
> -j
>
> ps -- i'm subscribed to the list; please don't CC me.
>
> --
> "You must be stupider than you look!
> Stupider like a fox!"
> 	--The Simpsons
>
>  
I didn't write the rules that I quoted myself - I was showing a ruleset 
that worked as a guide - but for the hell of it, look at /etc/services:

On OpenBSD:
-bash-2.05b$ cat /etc/services | grep bootp
bootps          67/tcp          # BOOTP server
bootps          67/udp
bootpc          68/tcp          # BOOTP client
bootpc          68/udp

another one - on FreeBSD:
-bash-2.05b$ cat /etc/services | grep bootp
bootps           67/tcp    dhcps        #Bootstrap Protocol Server
bootps           67/udp    dhcps        #Bootstrap Protocol Server
bootpc           68/tcp    dhcpc        #Bootstrap Protocol Client
bootpc           68/udp    dhcpc        #Bootstrap Protocol Client

I'm pretty sure this is where the writer of the rules I quoted got this 
from.  Plus, if you default block all and then write those rules, DHCP 
works again.

Steve Fettig