PF iptables rule -> PF rule

[wienne]

Linux system

iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

in Freebsd
Similarly,
what are the rules for PF

thank ！

 

[SirDice]

Can you explain a little what that rule is supposed to do? Prevent an XY problem and explain what your intentions are, there might be a different solution to your problem.

 

[canihazsekooriti]

Did you try ChatGPT for this? It explained to me pretty well.

 

[wienne]

Can you explain a little what that rule is supposed to do? Prevent an XY problem and explain what your intentions are, there might be a different solution to your problem.

on Freebsd 14.1 ,isc-dhcpd-4.4.3-P1
Abnormal IP address allocation
LOG

Nov 12 20:57:36 <local0.info> swy-dhcp dhcpd[2149]: DHCPREQUEST for 10.15.88.4 (10.15.16.222) from 80:f6:2e:f5:6f:5a (SWY-A2-1F-C-3600-28C-PWR-1) via 10.15.88.252
Nov 12 20:57:36 <local0.info> swy-dhcp dhcpd[2149]: DHCPACK on 10.15.88.4 to 80:f6:2e:f5:6f:5a (SWY-A2-1F-C-3600-28C-PWR-1) via 10.15.88.252
Nov 12 20:57:44 <local0.debug> swy-dhcp dhcpd[2149]: reuse_lease: lease age 8089 (secs) under 25% threshold, reply with unaltered, existing lease for 10.15.88.4
Nov 12 20:57:44 <local0.info> swy-dhcp dhcpd[2149]: DHCPREQUEST for 10.15.88.4 (10.15.16.222) from 80:f6:2e:f5:6f:5a (SWY-A2-1F-C-3600-28C-PWR-1) via 10.15.88.252
Nov 12 20:57:44 <local0.info> swy-dhcp dhcpd[2149]: DHCPACK on 10.15.88.4 to 80:f6:2e:f5:6f:5a (SWY-A2-1F-C-3600-28C-PWR-1) via 10.15.88.252
Nov 12 20:57:44 <local0.debug> swy-dhcp dhcpd[2149]: 3 bad udp checksums in 5 packets

found this page
https://lists.centos.org/pipermail/centos/2013-February/132080.html

But I don't know how to implement the same function in PF。

Replace 'isc dhcp' with 'kea', and the IP allocation is also abnormal

 

[wienne]

。

 

[SirDice]

Abnormal IP address allocation

What's abnormal about the log snippet you posted?

 

[VladiBG]

When you are using Virtualization you need to disable HW checksum offloading. That's why there's UDP packets with invalid checksum. Don't try to workaround this on the Firewall/router level it need to be fixed at the source of the problem.

 

[wienne]

Thank you all for your replies.
This malfunction is essentially a DHCP issue,
The network environment is just a bit complex,
An environment that does not involve virtualization.
I can only write a little bit based on my memory about the tests and results I have done, but I have deleted them.
After all, DHCP issues should not be raised in the firewall section.
I will conduct more tests,
First, investigate possible network issues (such as switch configuration paramet。