Bug #4558

DHCP traffic getting blocked with DHCP Relay enabled

Added by Kill Bill over 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: DHCP Relay
Target version:
Start date: 03/27/2015
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture: All

Description

Essentially the same issue as Bug #3074 but for IPv4 (blocked by default deny rule IPv4). Contrary to https://forum.pfsense.org/index.php?topic=14459 I don't think it's normal to require people to configure rules for IPv4 when the same works just fine with IPv6.

Associated revisions

Revision 59447369 (diff)
Added by Chris Buechler about 4 years ago

Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558

Revision 1ab880ef (diff)
Added by Chris Buechler about 4 years ago

Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558

Revision d1867dd2 (diff)
Added by Chris Buechler about 4 years ago

fix comparison here. Ticket #4558

Revision 1f290d62 (diff)
Added by Chris Buechler about 4 years ago

fix comparison here. Ticket #4558

History

#1 Updated by Kill Bill over 4 years ago

Mar 27 14:15:18    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29641,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:24    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29640,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:22    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29639,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:49    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29638,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:46    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29637,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
$ pfctl -vvsr | grep '@5('
@5(1000000103) block drop in log inet all label "Default deny rule IPv4" 
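
Added example (not part of the ticket or of pfSense's code): a small Python parser for the IPv4/UDP filterlog lines quoted above, which counts blocked inbound DHCP client requests (UDP 68 to 67) per interface and rule tracker ID, so the tracker can be matched against the `pfctl -vvsr` output. The field labels are names chosen here for the comma-separated positions, and the third sample line is constructed.

```python
# Labels for the comma-separated positions of an IPv4/UDP filterlog record,
# in the order they appear in the lines quoted in comment #1 (names assumed).
FIELDS = [
    "rule", "subrule", "anchor", "tracker", "iface", "reason", "action",
    "direction", "ipver", "tos", "ecn", "ttl", "id", "offset", "flags",
    "proto_id", "proto", "length", "src", "dst", "sport", "dport", "datalen",
]

# First two lines are copied from the ticket; the third is a constructed
# "pass" record (DNS query) to show that non-matching traffic is ignored.
SAMPLE = """\
Mar 27 14:15:18    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29641,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:24    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29640,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:15:20    filterlog: 60,16777216,,1000001234,em0,match,pass,in,4,0x0,,64,1234,0,none,17,udp,60,192.0.2.10,192.0.2.1,53000,53,40
"""


def parse(line):
    """Return a dict for an IPv4 UDP filterlog line, or None for anything else."""
    _, sep, payload = line.partition("filterlog: ")
    if not sep:
        return None
    values = payload.strip().split(",")
    if len(values) != len(FIELDS) or values[8] != "4" or values[16] != "udp":
        return None
    return dict(zip(FIELDS, values))


def blocked_dhcp_requests(text):
    """Count blocked inbound DHCP client packets, keyed by (interface, tracker)."""
    hits = {}
    for line in text.splitlines():
        rec = parse(line)
        if (rec and rec["action"] == "block" and rec["direction"] == "in"
                and rec["sport"] == "68" and rec["dport"] == "67"):
            key = (rec["iface"], rec["tracker"])
            hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for (iface, tracker), count in blocked_dhcp_requests(SAMPLE).items():
        print(f"{iface}: {count} DHCP request(s) blocked, rule tracker {tracker}")
```
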

#2 Updated by Chris Buechler over 4 years ago

  • Status changed from New to Confirmed
  • Target version set to 2.2.3
  • Affected Version changed from 2.2.1 to All

#3 Updated by Chris Buechler over 4 years ago

  • Target version changed from 2.2.3 to 2.3

#4 Updated by Chris Buechler about 4 years ago

  • Status changed from Confirmed to Feedback
  • Target version changed from 2.3 to 2.2.5

should be fixed, leaving for confirmation in snapshot builds.

#5 Updated by Kill Bill about 4 years ago

Are you sure this is correct?

if ($dhcrelayif = $on) {

#6 Updated by Chris Buechler about 4 years ago

Kill Bill wrote:

Are you sure this is correct?

Yes, $on is the interface identifier (wan/lan/optX) at that stage. Same as DHCP server does right above it, just slightly diff because of the diff config structure.

#7 Updated by Kill Bill about 4 years ago

I guess I should have been more explicit - you're really sure you don't want

if ($dhcrelayif == $on) {

instead?

$dhcrelayif = "banana";
$on = "apple";
if ($dhcrelayif = $on) {
return "strawberry";
}

#8 Updated by Chris Buechler about 4 years ago

Yes, thanks, I missed your point there. fixed

#9 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved

fixed
