
Re: /etc/rc: pf vs. dhclient ... lockd, too

From: Bob Beck <beck(at)bofh.ucs.ualberta.ca>
Date: Mon Nov 25 2002 - 13:56:22 EST


>If the user DOES use pf to block packets, then the pf.conf is under

        Then that's exactly the situation we're talking about then. I think hostname.if could definitely mention this problem, but the fact is, if the user has set a particular set of rules (in this case block in all/block out all) the thought of netstart poking holes in that, even temporarily, is a bit scary - particularly considering dhcp is often used for temporary installs, then a machine gets moved to production - an interface is used temporarily for dhcp and all of a sudden rules are opened on all interfaces, even if only for a little while.

        I think I would suggest perhaps a change to dhclient's message when it doesn't receive any offers to tell the user to check their pf.conf rules, as well as mention of this in dhclient(8) and hostname.if(5) to warn users that turning on packet filters can block dhclient receiving answers, and their rules must be constructed accordingly if dhcp is in use.

        If you're in agreement I'll cruft that up.

        -Bob

Received on Mon Nov 25 13:57:44 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:27 EDT

