[Firehol-support] DHCP firewall issue

Romeo Theriault romeotheriault at gmail.com
Sat Jun 10 02:23:12 BST 2006

Hi, I'm having a bit of an issue with dhcp while using firehol. I have
eth0 which servers my private lan and I have eth1 with access to the
internet and I'm routing the internal lan to the network. This works
fine. I have DHCP bound to eth0 so it can server ip's the the clients
on the lan. From my understanding of the firewall config I have below
DHCP shouldn't be allowing my clients to get a ip address, but they
are getting an ip address. This worries me. I would of thought that I
would have to type something like

interface eth0 dhcp
        policy return
        server dhcp accept

before my

interface eth0 lan

to get dhcp to work.

If someone could look at my config file below and tell me what I'm
doing wrong I would be very grateful.



# Require release 5 of FireHOL configuration directives
version 5

# A space separated list of all the IPs on the internet, I trust

# The IP address of this Linux and LAN for the rest of the world

# My LAN.
        interface eth0 lan
                protection strong
                server ident reject with tcp-reset
                client all accept

        # Make sure the traffic coming in, comes from valid Internet IPs,
        # and that is targeting my public IP
        interface eth1 internet src not "$UNROUTABLE_IPS" dst "$public_ip"
                # Protect me from various kinds of attacks.
                protection strong

                # Public servers.
                server ssh  accept src "$sshTrust"

                # Make sure idents do not timeout.
                server ident reject with tcp-reset

                # This is also a workstation.
                client all accept

        # Route the LAN requests to the internet.
        router lan2internet inface eth0 outface eth1

                # Masquerading on outface.

                # Route all specified requests from inface to outface
                # and their replies back.
                route http accept
                route https accept
                route dns accept

More information about the Firehol-support mailing list