OPNsense Forum

English Forums => General Discussion => Topic started by: shred on September 12, 2019, 05:45:03 am

Title: "Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
Post by: shred on September 12, 2019, 05:45:03 am
Apologies if this is a stupid question but I can't figure out why these firewall rules were automatically generated or what they would be used for on a typical home network. I'm still learning OPNsense in a VM environment as I'm considering replacing my Sophos XG setup with it.

I have a clean install of OPNsense with just a few minor adjustments (IPS enabled, Web Proxy w/ ClamAV, etc.). OPNsense is also running a DHCP server for IPv4 (no DHCP server for IPv6). I noticed in the WAN firewall rules, there are several automatically generated rules (see attached screenshot).

I don't understand what these rules are for:
- allow dhcpv6 client in WAN (3 of them)
- allow DHCP client on WAN (2 of them)

On the LAN firewall rules, there are three automatically generated rules for "allow access to DHCP server" but that makes sense - those are such that clients on my LAN can access the DHCP server. However, I don't understand why there are rules on the WAN side.

Title: Re: "Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
Post by: hbc on September 12, 2019, 10:58:46 pm
I assume you set your WAN interface to receive a DHCP address. So rules are needed that allow your OPNsense to receive the DHCP reply from your provider/uplink.

If you use a static IP on the WAN interface, the rules are not needed and should not be created.

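
The reply above, as an added example that is not part of the original thread and is not OPNsense or pf code: a toy default-deny stateful filter showing why the DHCP reply needs its own inbound WAN rule. The server's OFFER arrives from the server's address, not from the broadcast address the DISCOVER was sent to, so the state created by the outbound request does not match it. `WanFilter`, `dhcp_client_rule` and all addresses are constructed for illustration.

```python
# Added illustration: toy default-deny stateful filter, not OPNsense/pf code.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport proto")

# Constructed sample traffic (addresses from documentation ranges).
DISCOVER = Packet("out", "0.0.0.0", 68, "255.255.255.255", 67, "udp")
OFFER_BCAST = Packet("in", "192.0.2.1", 67, "255.255.255.255", 68, "udp")
OFFER_UNICAST = Packet("in", "192.0.2.1", 67, "192.0.2.50", 68, "udp")
STRAY_UDP = Packet("in", "198.51.100.7", 53, "192.0.2.50", 4444, "udp")


def dhcp_client_rule(pkt):
    """Hypothetical stand-in for the auto-generated rule: inbound UDP 67 -> 68."""
    return (pkt.direction == "in" and pkt.proto == "udp"
            and pkt.sport == 67 and pkt.dport == 68)


class WanFilter:
    def __init__(self, wan_uses_dhcp):
        # The DHCP client rule exists only when WAN is configured for DHCP.
        self.rules = [dhcp_client_rule] if wan_uses_dhcp else []
        self.states = set()

    def process(self, pkt):
        """Return True if the packet is passed, False if it is dropped."""
        if pkt.direction == "out":
            # Outbound traffic is passed and creates a state entry.
            self.states.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: pass if it is the exact reverse of an existing state...
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return True
        # ...or an explicit rule matches; otherwise default deny.
        return any(rule(pkt) for rule in self.rules)


def simulate(wan_uses_dhcp):
    """Send a DISCOVER, then report which inbound packets get through."""
    fw = WanFilter(wan_uses_dhcp)
    fw.process(DISCOVER)
    inbound = [("offer_broadcast", OFFER_BCAST),
               ("offer_unicast", OFFER_UNICAST),
               ("stray_udp", STRAY_UDP)]
    return {name: fw.process(pkt) for name, pkt in inbound}
```
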
Title: Re: "Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
Post by: shred on September 13, 2019, 02:01:57 am
Thanks. Makes complete sense. I've become too used to Sophos XG where it hides a lot of these "behind the scenes" firewall rules. That's one thing I really like about OPNsense, it shows you everything.