Changing output from error to info

[Simon Hobson]

Bob Harold <rharolde at umich.edu> wrote:

> And if they decide to add another interface for monitoring, or backups, or whatever, I should not have to update by DHCP configuration.  I want to be able to tell DHCP either "only listen to interfaces I tell you about and ignore the others"

Which is already a standard feature - just list the interfaces you want to listen on on the startup command line (or in the config file that's used when starting the server). If other interfaces are added then they will be ignored.

> or "listen to regular packets from any interface".   I have no need for the raw packet handling in my environment.

Then unset the (IIRC) "use raw sockets" compile time option and it'll do exactly what you want !
Unlike commercial proprietary binary blobs you have the freedom to do that. I can see that just having a run-time option to enable/disable raw packet handling could be useful - but it'll need someone to either submit patches or sponsor it.



Leigh Porter <leigh.porter at ukbroadband.com> wrote:

> I agree, these seem like good changes to make. The ability to tell dhcpd to listen for requests without being associated with a local subnet would be very good. I’d then be able to use iptables or other mechanisms to limit the scope of just what can send requests.

It already has that ability - though as already stated it's a compile time option.

> If dhcpd can include a mechanism to limit requests to certain source IP addresses then all the better.

iptables will do that for you. If you are not handling "locally connected" clients then traffic is always with devices that already have an IP address - either the relay agent (which may be unicast or broadcast) or the client directly via unicast. Bear in mind that all the clients need to be able to directly communicate with the server by unicast packets in order to renew leases - so you can't lock your server down to only talk with known relay agents.