Bug #4558
DHCP traffic getting blocked with DHCP Relay enabled
Description
Essentially the same issue as Bug #3074 but for IPv4 (blocked by default deny rule IPv4). Contrary to https://forum.pfsense.org/index.php?topic=14459 I don't think it's normal to require people to configure rules for IPv4 when the same works just fine with IPv6.
Associated revisions
Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
fix comparison here. Ticket #4558
fix comparison here. Ticket #4558
History
#1
Updated by Kill Bill almost 6 years ago
Mar 27 14:15:18 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29641,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:24 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29640,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:22 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29639,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:49 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29638,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:46 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29637,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
$ pfctl -vvsr | grep '@5('
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
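An added example, not part of the original report or of pfSense's code: a Python check that scans filterlog output like the lines above for inbound DHCP client requests (UDP 68 to 67) dropped by a block rule, grouped by interface and tracker ID. Field positions are read off the logged lines and assumed to hold for IPv4/UDP entries; the last two sample lines and the function names are constructed here.

```python
import csv
from collections import Counter

# Constructed sample: the first two lines are copied from the report above;
# the last two (a passed DHCP request, a blocked DNS query) are made up for contrast.
SAMPLE = """\
Mar 27 14:15:18 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29641,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:24 filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29640,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:02:00 filterlog: 60,16777216,,1000002542,em1,match,pass,in,4,0x0,,128,100,0,none,17,udp,328,0.0.0.0,255.255.255.255,68,67,308
Mar 27 14:03:00 filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,101,0,none,17,udp,60,192.0.2.10,192.0.2.1,40000,53,40
"""


def parse_ipv4_udp(line):
    """Return a dict for an IPv4/UDP filterlog line, or None for anything else."""
    _, sep, payload = line.partition("filterlog: ")
    if not sep:
        return None
    f = next(csv.reader([payload]), [])
    # Assumed positions: 8 = IP version, 16 = protocol name, 20/21 = ports.
    if len(f) < 23 or f[8] != "4" or f[16] != "udp":
        return None
    if not (f[20].isdigit() and f[21].isdigit()):
        return None
    return {
        "rule": f[0], "tracker": f[3], "iface": f[4],
        "action": f[6], "dir": f[7],
        "src": f[18], "dst": f[19],
        "sport": int(f[20]), "dport": int(f[21]),
    }


def blocked_dhcp_requests(log_text):
    """Count blocked inbound client-to-server DHCP packets per (iface, tracker)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_ipv4_udp(line)
        if (rec and rec["action"] == "block" and rec["dir"] == "in"
                and (rec["sport"], rec["dport"]) == (68, 67)):
            hits[(rec["iface"], rec["tracker"])] += 1
    return hits


if __name__ == "__main__":
    for (iface, tracker), n in blocked_dhcp_requests(SAMPLE).items():
        print(f"{iface}: {n} DHCP request(s) dropped by tracker {tracker}")
```

The tracker ID it reports can be matched against `pfctl -vvsr` output, as done above, to confirm which rule dropped the packets.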
#2
Updated by Chris Buechler almost 6 years ago
- Status changed from New to Confirmed
- Target version set to 2.2.3
- Affected Version changed from 2.2.1 to All
#3
Updated by Chris Buechler over 5 years ago
- Target version changed from 2.2.3 to 2.3
#4
Updated by Chris Buechler over 5 years ago
- Status changed from Confirmed to Feedback
- Target version changed from 2.3 to 2.2.5
should be fixed, leaving for confirmation in snapshot builds.
#5
Updated by Kill Bill over 5 years ago
Are you sure this is correct?
if ($dhcrelayif = $on) {
#6
Updated by Chris Buechler over 5 years ago
Kill Bill wrote:
Are you sure this is correct?
Yes, $on is the interface identifier (wan/lan/optX) at that stage. Same as DHCP server does right above it, just slightly diff because of the diff config structure.
#7
Updated by Kill Bill over 5 years ago
I guess I should have been more explicit - you're really sure you don't want
if ($dhcrelayif == $on) {
instead?
$dhcrelayif = "banana";
$on = "apple";
if ($dhcrelayif = $on) {
    return "strawberry";
}
#8
Updated by Chris Buechler over 5 years ago
Yes, thanks, I missed your point there. fixed