J Doe <[email protected]> wrote:
> Hi,
>
> I have a question regarding the temporary pf(4) ruleset that is found
> in: /etc/rc.
>
> A couple of lines below: "# Set initial temporary pf rule set." there
> appears to be two lines for DHCPv4 traffic:
>
> pass out inet proto udp from any port bootpc to any port bootps
> pass in inet proto udp from any port bootps to any port bootpc
>
> ... however, I was under the impression that pf(4) does not require
> rules for DHCPv4 traffic because that is done via BPF *before* pf(4)
> rules.
>
> If that is the case, could the explicit DHCPv4 rules be left out ?

In the old days, dhclient used a raw socket to send packets instead of bpf packet sending. bpf didn't even have a send method back in those days. After that was added, we became paranoid and also made bpf capable of inspecting writes via it.

