Re: ipchains cannot block dhcp

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Miyajima Hiroaki, sie wrote:
> Nice to meet you!
>
> In filtering packets by ipchains (LINUX),
> dhcpd worked regularly even if all packets were blocked.
>
> I guessed all packets were to be discarded.
> So I am wondering why dhcpd could work.
>
> Please let me know the reason.

Typically the DHCP packages (including the one used by BSDs)
"sniff" the DHCP packets off the network rather than receive
them through TCP/IP using whichever interface is relevant.
Given the nature of this beast, it is quite possible they
are using similar "tricks" to send back DHCP replies.  In both
cases, the flow of packets bypasses the path in which filtering
of IP packets is done.

Darren