Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
DHCP/DHCPv6 automatically configured firewall rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: DHCP/DHCPv6 automatically configured firewall rules (Read 3820 times)
incorrect
Newbie
Posts: 8
Karma: 1
DHCP/DHCPv6 automatically configured firewall rules
«
on:
July 05, 2020, 02:10:41 pm »
Is there a reason IPv4 UDP ports 546/547 and IPv6 UDP ports 67/68 are added automatically as allow when DHCP/DHCPv6 are used on an interface?
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: DHCP/DHCPv6 automatically configured firewall rules
«
Reply #1 on:
July 05, 2020, 11:17:23 pm »
Think about it... what ports do dhcp and dhcp6 use? Now what would happen if the ports were closed?
Very easily googled..
«
Last Edit: July 05, 2020, 11:24:24 pm by marjohn56
»
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
incorrect
Newbie
Posts: 8
Karma: 1
Re: DHCP/DHCPv6 automatically configured firewall rules
«
Reply #2 on:
July 05, 2020, 11:47:37 pm »
I understand why IPv4 UDP 67/68 and IPv6 UDP 546/547 need to be permitted, but as far as I'm aware DHCP doesn't use IPv6 and DHCPv6 doesn't use IPv4. The rules should match what the protocols use and require.
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: DHCP/DHCPv6 automatically configured firewall rules
«
Reply #3 on:
July 06, 2020, 08:31:31 am »
Good point, never noticed that.. Perhaps Franco or Ad can answer.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
packet loss
Full Member
Posts: 134
Karma: 26
Re: DHCP/DHCPv6 automatically configured firewall rules
«
Reply #4 on:
July 11, 2020, 08:03:40 pm »
I'm sure they will fix this issue. Somthing I noticed for awhile now is that there isn't enough coding logic to remove unneccesary automatically generated ipv4+v6 rules when IPv6 is disabled.
Logged
Redundanz
Newbie
Posts: 6
Karma: 1
Re: DHCP/DHCPv6 automatically configured firewall rules
«
Reply #5 on:
July 24, 2020, 09:39:44 am »
DHCP relay agents (DHCPv4 over IPv6 , vice versa) would use these ports afaik.
Logged
incorrect
Newbie
Posts: 8
Karma: 1
Re: DHCP/DHCPv6 automatically configured firewall rules
«
Reply #6 on:
July 30, 2020, 03:21:56 am »
I've tried to find reference in the relevant RFCs which explicitly permit this, but from my reading it is at least implied DHCP is restricted to transport via IPv4 and DHCPv6 via IPv6.
Is there any supporting documentation which specifies otherwise?
Is there an example of this being implemented outside of the formal specifications?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
DHCP/DHCPv6 automatically configured firewall rules