[Firehol-support] Problems with DHCLIENT on internet interface

Randy Belk rbelk at yahoo.com
Tue Feb 22 23:45:33 CET 2005


I am having some odd problems with DHCLIENT on my firewall's internet
interface. Once the lease runs out and DHCLIENT requests another one, the
broadcast replies seem to not be allowed to my firewall. Here is a copy
of my firehol.conf. Does anyone see any problems? Everything else works
fine. BTW, I'm running Debian Testing.


# for testing...
interface eth0 internet
# for production...
#interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    # Protect me from various kinds of attacks.
    protection strong 10/sec 10

    # Public servers.
    server smtp accept log 'SMTP'
    server http accept log 'HTTP'
    server https accept log 'HTTPS'
    server ftp  accept log 'FTP'
    server ssh  accept log 'SSH'

    # Make sure idents do not timeout.
    server ident reject with tcp-reset

    # This is also a workstation.
    client all  accept


# Route the LAN requests to the internet.
router lan2internet inface eth1 outface eth0

    # Masquerading on outface.
    masquerade

    # Route all requests from inface to outface
    # and their replies back.
    route all  accept

# Route the Internet requests to the LAN for DNATS.
router internet2lan inface eth0 outface eth1
    route vnc accept dst 192.168.1.135 log 'VNC_R'






