pfSense

Mar 27 14:15:18    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29641,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:24    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29640,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:22    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29639,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:49    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29638,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:46    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29637,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332

$ pfctl -vvsr | grep '@5('
@5(1000000103) block drop in log inet all label "Default deny rule IPv4" 

Are you sure this is correct?

if ($dhcrelayif = $on) {

Kill Bill wrote:

Are you sure this is correct?

Yes, $on is the interface identifier (wan/lan/optX) at that stage. Same as DHCP server does right above it, just slightly diff because of the diff config structure.

I guess I should have been more explicit - your really sure you don't want

if ($dhcrelayif == $on) {

instead?

$dhcrelayif = "banana";
$on = "apple";
if ($dhcrelayif = $on) {
return "strawberry";
}

Yes, thanks, I missed your point there. fixed