Feature #2704
dhclient refuse certain DHCP offers (e.g. private RFC1918 leases on WAN)
Description
dhclient can use the "reject x.y.z.w" keyword to refuse certain offers.
Check http://zhigang.org/wiki/DHCP "How to Prevent DHCP Client from Receiving IP from a Specific Server?".
Discussion: http://forum.pfsense.org/index.php/topic,56330.0.html
History
#1
Updated by Seth Mos about 6 years ago
Do you mean that we want to be able to ignore certain offers? Or are you implying that pfSense is ignoring DHCP offers?
#2
Updated by Chris Buechler about 6 years ago
- Category set to Interfaces
- Affected Version deleted (2.1)
The ability to ignore private leases is the request, because some cable modems start handing out private addresses when they lose signal, and some people would prefer to ignore those.
#3
Updated by Jim Pingle about 6 years ago
My cable modem does this, and it's extremely annoying, so I'd be all for such an option. It would also be easy to replicate/test; all I need to do is yank the coax out of my modem.
#4
Updated by Jim Pingle about 6 years ago
Unfortunately it appears that the reject statement only allows individual IP addresses, so denying all private servers isn't quite that easy. But we could still have a field somewhere to enter some IP addresses to reject leases from; it would be helpful.
#5
Updated by Seth Mos about 6 years ago
- Category deleted (Interfaces)
- Affected Version set to 2.1
Would a hook into the dhclient-script not be an option for this, to return on an "invalid" address?
#6
Updated by Jim Pingle about 6 years ago
Seth Mos wrote:
Would a hook into the dhclient-script not be an option for this, to return on an "invalid" address?
I suppose that might be viable, but it might require some shell script subnet math (or a small second script/program to test if an IP is inside a given subnet).
#7
Updated by Phillip Davis about 6 years ago
The ISC dhclient allows rejecting of subnets:
Quote from ISC dhclient doc:
----------------------------
reject 192.168.0.0/16, 10.0.0.5;
The above example would cause offers from any server identifier in the
entire RFC 1918 "Class C" network 192.168.0.0/16, or the specific
single address 10.0.0.5, to be rejected.
----------------------------
The dhclient source code (clparse.c parse_reject_statement) has code in it to parse netmasks.
So, for example, it would be possible to have an option to reject all offers of private IPs on WAN.
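The "shell script subnet math" a dhclient-script hook would need, as raised in comments #6 and #7, written out as an added example; it is not pfSense code and not the change referenced later in this ticket. The function names are hypothetical, and how a hook obtains the offered address is left out. Unlike the quoted reject statement, which matches the server identifier, this tests the address itself.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Variables are global: plain POSIX sh has no "local".

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; returns 1 on malformed input.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Refuse leading zeros (octal ambiguity) and anything longer than 3 digits.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr ADDR NET[/PREFIX] -> 0 if inside, 1 if outside, 2 on bad input.
# A bare address is treated as /32, like a single-address reject entry.
ip_in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    case "$2" in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    case "$bits" in ""|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    [ "$bits" -eq 0 ] && return 0  # /0 matches everything
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# is_rfc1918 ADDR -> 0 if ADDR is private (RFC 1918), 1 if not, 2 on bad input.
is_rfc1918() {
    for cidr in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ip_in_cidr "$1" "$cidr" && return 0
        [ $? -eq 1 ] || return 2   # propagate a parse error instead of "not private"
    done
    return 1
}
```

A hook should treat exit status 2 (unparseable address) as a refusal too, so a malformed value is never accepted by default.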
#8
Updated by Jim Pingle over 5 years ago
- Status changed from New to Feedback
I added an option for this in 850324a23e45b3a11231f910290f8ff9b774d9bc a few weeks ago, forgot the ticket existed. :-)
#9
Updated by Chris Buechler over 3 years ago
- Status changed from Feedback to Resolved
Done 2+ years ago.