Project

General

Profile

Feature #2704

dhclient refuse certain DHCP offers (e.g. private RFC1918 leases on WAN)

Added by Dim Hatz over 6 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
12/02/2012
Due date:
% Done:

0%

Estimated time:

Description

dhclient can use of the "reject x.y.z.w" keyword to refuse certain offers.

Check http://zhigang.org/wiki/DHCP "How to Prevent DHCP Client from Receiving IP from a Specific Server?".

Discussion: http://forum.pfsense.org/index.php/topic,56330.0.html

History

#1 Updated by Seth Mos over 6 years ago

Do you mean that we want to be able to ignore certain offers? Or are you implying that pfSense is ingoring DHCP offers?

#2 Updated by Chris Buechler over 6 years ago

  • Category set to Interfaces
  • Affected Version deleted (2.1)

the ability to ignore private leases is the request. Because some cable modems start handing out private addresses when they lose signal, and some people would prefer to ignore those.

#3 Updated by Jim Pingle over 6 years ago

My cable modem does this, and it's extremely annoying, so I'd be all for such an option. It would also be easy to replicate/test, all I need to do is yank the coax out of my modem.

#4 Updated by Jim Pingle over 6 years ago

Unfortunately it appears that the reject statement only allows individual IP addresses, so denying all private servers isn't quite that easy. But we could still have a field somewhere to enter some IP addresses to reject leases from it would be helpful.

#5 Updated by Seth Mos over 6 years ago

  • Category deleted (Interfaces)
  • Affected Version set to 2.1

Would a hook into the dhclient-script not be a option for this to return on a "invalid" address

#6 Updated by Jim Pingle over 6 years ago

Seth Mos wrote:

Would a hook into the dhclient-script not be a option for this to return on a "invalid" address

I suppose that might be viable, but it might require some shell script subnet math (or a small second script/program to test if an IP is inside a given subnet).

#7 Updated by Phillip Davis over 6 years ago

The ISC dhclient allows rejecting of subnets:
Quote from ISC dhclient doc:
----------------------------
reject 192.168.0.0/16, 10.0.0.5;

The above example would cause offers from any server identifier in the
entire RFC 1918 "Class C" network 192.168.0.0/16, or the specific
single address 10.0.0.5, to be rejected.
----------------------------
The dhclient source code (clparse.c parse_reject_statement) has code in it to parse netmasks.
So, for example, it would be possible to have an option to reject all offers of private IPs on WAN.

#8 Updated by Jim Pingle about 6 years ago

  • Status changed from New to Feedback

I added an option for this in 850324a23e45b3a11231f910290f8ff9b774d9bc a few weeks ago, forgot the ticket existed. :-)

#9 Updated by Chris Buechler almost 4 years ago

  • Status changed from Feedback to Resolved

done 2+ years ago.

Also available in: Atom PDF