accidentally forwarding broadcasts, better ways to avoid?


Cameron Simpson
On a small home network I was using this rule:

  pass in quick on $if_lan from ($if_lan:network) to !($if_lan:network) route-to ($if_egress $gw_egress)

on the premise that I'm trusting my interior clients when they make an outbound

I'm suspecting that this is also NATting DHCP offers (which broadcast to out the egress interface, a disaster.

Is there a better way to write "!($if_lan:network)" to avoid matching
broadcasts?  Or a nice way to preempt this rule to intercept broadcasts, or
perhaps better still "addresses that would deliver to the local machine"?

Presently I've put in an earlier rule matching and also the
local LAN broadcast address, but it feels a little ... hardwired.

Any suggestions?

Cameron Simpson <[hidden email]>
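One way to keep broadcast and locally delivered traffic away from the route-to rule is to let it in with its own quick rules placed before it. This is an added pf.conf fragment, not code from the original post; it reuses the post's macro names ($if_lan, $if_egress, $gw_egress), and the interface names, the gateway address and the rule ordering are assumptions.

```pf
# Added example (not from the post): assumed macro values.
if_lan    = "em1"
if_egress = "em0"
gw_egress = "203.0.113.1"     # constructed placeholder gateway

# Traffic for this host itself, for the LAN's directed broadcast, or for
# the limited broadcast 255.255.255.255 (where DHCP offers go) must never
# be route-to'd. Accept it here, quick, so the route-to rule never sees it.
# ($if_lan:broadcast) is the LAN interface's directed broadcast address;
# self expands to every address configured on this machine.
pass in quick on $if_lan inet from ($if_lan:network) \
    to { self, ($if_lan:broadcast), 255.255.255.255 }

# Multicast (mDNS, SSDP, ...) is outside $if_lan:network too, so it would
# otherwise also match "!($if_lan:network)". Keep it local as well.
pass in quick on $if_lan inet from ($if_lan:network) to 224.0.0.0/4

# Only the remaining off-LAN traffic is forwarded out the egress link.
pass in quick on $if_lan from ($if_lan:network) to !($if_lan:network) \
    route-to ($if_egress $gw_egress)
```

Load with `pfctl -nf /etc/pf.conf` first to check the syntax, then inspect the expanded rules with `pfctl -sr` to confirm the broadcast rule really precedes the route-to rule.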