PF How To Reference DHCP Server Address In pf.conf

[cavguy]

I have a VM running FreeBSD that I have been playing around with packet filter on lately. I am using DHCP to assign my VM its IP address. My VM uses a bridged connection with the host. I move my host around day to day to different networks which of course use different gateways.

I was wondering if there is a easy generic way that I can refer to the DHCP server address in my pf.conf rules, without knowing this address before hand? Without having to use "from any" in my rule.

For example (for port 68 bootpc - I want to allow in the DHCP response message):

pass in on $int_if inet proto udp from any to port 68

Is there a property of "$int_if" that I can use to refer to the interfaces DHCP gateway?

 

[xtaz]

I personally do this:

pass in log proto udp from 0.0.0.0 port bootpc to 255.255.255.255 port bootps

So that's tightening it up more than your rule and allowing the DHCP request from me port 67 out to something else port 68. It uses broadcast and so the IP addresses are correct here. But it at least stops everything else.

The response is allowed already because pf keeps state and recognises the response based on the request.

 

[cavguy]

Thanks xtaz! I will give that rule a try now.

 

[herrbischoff]

Thanks xtaz, this was what I was looking for just now.