Feature #2704
closeddhclient refuse certain DHCP offers (e.g. private RFC1918 leases on WAN)
0%
Description
dhclient can use of the "reject x.y.z.w" keyword to refuse certain offers.
Check http://zhigang.org/wiki/DHCP "How to Prevent DHCP Client from Receiving IP from a Specific Server?".
Discussion: http://forum.pfsense.org/index.php/topic,56330.0.html
Updated by Seth Mos about 12 years ago
Do you mean that we want to be able to ignore certain offers? Or are you implying that pfSense is ingoring DHCP offers?
Updated by Chris Buechler about 12 years ago
- Category set to Interfaces
- Affected Version deleted (
2.1)
the ability to ignore private leases is the request. Because some cable modems start handing out private addresses when they lose signal, and some people would prefer to ignore those.
Updated by Jim Pingle about 12 years ago
My cable modem does this, and it's extremely annoying, so I'd be all for such an option. It would also be easy to replicate/test, all I need to do is yank the coax out of my modem.
Updated by Jim Pingle about 12 years ago
Unfortunately it appears that the reject statement only allows individual IP addresses, so denying all private servers isn't quite that easy. But we could still have a field somewhere to enter some IP addresses to reject leases from it would be helpful.
Updated by Seth Mos about 12 years ago
- Category deleted (
Interfaces) - Affected Version set to 2.1
Would a hook into the dhclient-script not be a option for this to return on a "invalid" address
Updated by Jim Pingle about 12 years ago
Seth Mos wrote:
Would a hook into the dhclient-script not be a option for this to return on a "invalid" address
I suppose that might be viable, but it might require some shell script subnet math (or a small second script/program to test if an IP is inside a given subnet).
Updated by Phillip Davis about 12 years ago
The ISC dhclient allows rejecting of subnets:
Quote from ISC dhclient doc:
----------------------------
reject 192.168.0.0/16, 10.0.0.5;
The above example would cause offers from any server identifier in the
entire RFC 1918 "Class C" network 192.168.0.0/16, or the specific
single address 10.0.0.5, to be rejected.
----------------------------
The dhclient source code (clparse.c parse_reject_statement) has code in it to parse netmasks.
So, for example, it would be possible to have an option to reject all offers of private IPs on WAN.
Updated by Jim Pingle over 11 years ago
- Status changed from New to Feedback
I added an option for this in 850324a23e45b3a11231f910290f8ff9b774d9bc a few weeks ago, forgot the ticket existed. :-)
Updated by Chris Buechler about 9 years ago
- Status changed from Feedback to Resolved
done 2+ years ago.