e1000 in rawhide kernel
Callum Lerwick
seg at haxxed.com
Sun Feb 5 23:02:21 UTC 2006
On Fri, 2006-02-03 at 13:02 -0700, Lamont R. Peterson wrote:
> On the machine with this firewall config, try to "ifup" your DHCP
> interface(s). Notice how it works? Netfilter will never block DHCP
> client-side (I've never tested this filewall config on the DHCP server; my
> first inclination is to expect that you could still get DHCP, but maybe not).
>
> Remember, there are *no* rules in this config allowing traffic of *any* kind.
> And yet, DHCP still works. This is an intentional feature in Netfilter.
Not really. Has nothing to do with netfilter. Many dhcp clients (like
ISC's) operate by using packet sockets to send/receive raw ethernet
frames, which completely bypasses the kernel's IPv4 stack, netfilter and
all. Its not a netfilter "feature".
IIRC, DHCP server daemons tend to do this as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20060205/03f36af1/attachment-0002.bin
More information about the devel
mailing list