Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
"Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
« previous
next »
Print
Pages: [
1
]
Author
Topic: "Allow DHCP clients in/on/ WAN" - Why are these automatically generated? (Read 4231 times)
shred
Newbie
Posts: 17
Karma: 2
"Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
«
on:
September 12, 2019, 05:45:03 am »
Apologies if this is a stupid question but I can't figure out why these firewall rules were automatically generated or what they would be used for on a typical home network. I'm still learning OPNsense in a VM environment as I'm considering replacing my Sophos XG setup with it.
I have a clean install of OPNsense with just a few minor adjustments (IPS enabled, Web Proxy w/ ClamAV, etc.). OPNsense is also running a DHCP server for IPv4 (no DHCP server for IPv6). I noticed in the WAN firewall rules, there are several automatically generated rules (see attached screenshot).
I don't understand what these rules are for:
- allow dhcpv6 client in WAN (3 of them)
- allow DHCP client on WAN (2 of them)
On the LAN firewall rules, there are three automatically generated rules for "allow access to DHCP server" but that makes sense - those are such that clients on my LAN can access the DHCP server. However, I don't understand why there are rules on the WAN side.
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: "Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
«
Reply #1 on:
September 12, 2019, 10:58:46 pm »
I assume you set your WAN interface to receive a dhcp address. So rules are needed that allow your OPNsense to receive the DHCP reply from your provider/uplink.
If you use a static ip on WAN interface, the rules are not needed and should not be created
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
shred
Newbie
Posts: 17
Karma: 2
Re: "Allow DHCP clients in/on/ WAN" - Why are these automatically generated?
«
Reply #2 on:
September 13, 2019, 02:01:57 am »
Thanks. Makes complete sense. I've become too use to Sophos XG where it hides a lot of these "behind the scene" firewall rules. That's one thing I really like about OPNsense, it shows you everything.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
"Allow DHCP clients in/on/ WAN" - Why are these automatically generated?