On Fri, 2006-02-03 at 13:02 -0700, Lamont R. Peterson wrote:
> On the machine with this firewall config, try to "ifup" your DHCP
> interface(s).  Notice how it works?  Netfilter will never block DHCP
> client-side (I've never tested this firewall config on the DHCP server; my
> first inclination is to expect that you could still get DHCP, but maybe not).
>
> Remember, there are *no* rules in this config allowing traffic of *any* kind.
> And yet, DHCP still works.  This is an intentional feature in Netfilter.

Not really.  It has nothing to do with netfilter.  Many DHCP clients (like
ISC's) operate by using packet sockets to send/receive raw ethernet frames,
which completely bypasses the kernel's IPv4 stack, netfilter and all.  It's
not a netfilter "feature".  IIRC, DHCP server daemons tend to do this as well.