pfSense

Do you mean that we want to be able to ignore certain offers? Or are you implying that pfSense is ingoring DHCP offers?

My cable modem does this, and it's extremely annoying, so I'd be all for such an option. It would also be easy to replicate/test, all I need to do is yank the coax out of my modem.

Unfortunately it appears that the reject statement only allows individual IP addresses, so denying all private servers isn't quite that easy. But we could still have a field somewhere to enter some IP addresses to reject leases from it would be helpful.

Seth Mos wrote:

Would a hook into the dhclient-script not be a option for this to return on a "invalid" address

I suppose that might be viable, but it might require some shell script subnet math (or a small second script/program to test if an IP is inside a given subnet).

The ISC dhclient allows rejecting of subnets:
Quote from ISC dhclient doc:
----------------------------
reject 192.168.0.0/16, 10.0.0.5;

The above example would cause offers from any server identifier in the
entire RFC 1918 "Class C" network 192.168.0.0/16, or the specific
single address 10.0.0.5, to be rejected.
----------------------------
The dhclient source code (clparse.c parse_reject_statement) has code in it to parse netmasks.
So, for example, it would be possible to have an option to reject all offers of private IPs on WAN.