DISCOVERs from "unknown network segment" - suppress log messages?

Darren Ankney darren.ankney at gmail.com
Mon Nov 28 14:54:04 UTC 2022


On Mon, Nov 28, 2022 at 9:36 AM Christina Siegenthaler <tina at ieu.uzh.ch> wrote:

> > As you say, simplest to just firewall the packets and ignore it.
>
> Tried that today, unfortunately to no avail. macOS has pf installed, but obviously pf does not / cannot block DHCP packets or the other way round, dhcpd grabs the DISCOVERs before pf rules come into effect. So I’m back to field one…
>
> Any other ideas?

The only other thing I could suggest would be to make the move to Kea
(https://www.isc.org/kea/) as you can set it to not use raw sockets
(listen on a UDP socket instead) which is totally fine if all of your
DHCP traffic originates from one or more relay agents.  If any of the
answers are going to be to local broadcast traffic, then raw sockets
would be the only possibility.  Discussion about it here in the Kea
manual: https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#interface-configuration
If you are able to have the DHCP service listen on a normal UDP
socket, then pf should be able to police the traffic before the DHCP
service is able to grab the packet.
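Added example, not part of the list post and not the Kea project's own sample config: a minimal kea-dhcp4.conf that switches the server from raw sockets to a plain UDP socket, which is the setting the reply above refers to. The interface name (en0), the subnet, pool and router address are assumed or constructed values, not anything from the thread. Kea's configuration parser accepts the `//` comments used here.

```json
// Assumed/constructed example of a relay-only Kea DHCPv4 server on a UDP socket.
{
  "Dhcp4": {
    "interfaces-config": {
      // Interface name is an assumption; use the one that faces your relay agent(s).
      "interfaces": [ "en0" ],
      // "udp" binds an ordinary UDP socket on port 67, so inbound DISCOVERs
      // traverse the kernel IP stack (and pf) before Kea sees them.
      // "raw" (the default) opens a raw socket and bypasses the host firewall,
      // which is the behaviour that defeats pf rules with ISC dhcpd as well.
      "dhcp-socket-type": "udp"
    },
    "lease-database": { "type": "memfile", "persist": true },
    "subnet4": [
      {
        "id": 1,
        // Constructed documentation prefix; clients here reach the server
        // only through a relay, so broadcast traffic on this host's own
        // segment is never expected.
        "subnet": "192.0.2.0/24",
        "pools": [ { "pool": "192.0.2.100 - 192.0.2.200" } ],
        "option-data": [ { "name": "routers", "data": "192.0.2.1" } ]
      }
    ]
  }
}
```

With the socket type set to udp, a pf rule such as `block in quick on en0 proto udp from 198.51.100.0/24 to any port 67` (constructed addresses) drops the unwanted DISCOVERs before the server logs them. The trade-off stated in the reply applies: a UDP socket cannot answer clients broadcasting on a directly attached segment, so this only fits a deployment where every request arrives via a relay. `kea-dhcp4 -t kea-dhcp4.conf` checks the file for syntax errors before you reload the service.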

