[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: e1000 in rawhide kernel



On Fri, 2006-02-03 at 13:02 -0700, Lamont R. Peterson wrote:
> On the machine with this firewall config, try to "ifup" your DHCP 
> interface(s).  Notice how it works?  Netfilter will never block DHCP 
> client-side (I've never tested this filewall config on the DHCP server; my 
> first inclination is to expect that you could still get DHCP, but maybe not).
> 
> Remember, there are *no* rules in this config allowing traffic of *any* kind.  
> And yet, DHCP still works.  This is an intentional feature in Netfilter.

Not really. Has nothing to do with netfilter. Many dhcp clients (like
ISC's) operate by using packet sockets to send/receive raw ethernet
frames, which completely bypasses the kernel's IPv4 stack, netfilter and
all. Its not a netfilter "feature".

IIRC, DHCP server daemons tend to do this as well.

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]