Allow DHCP

Neighbour Advertisement should be allowed both ways, otherwise ipv6nd_sendadvertisement() from dhcpcd logs "Network is unreachable"
2019-04-07 02:08:08 +00:00 · 2019-04-07 02:08:08 +00:00 · 10a9937f89
commit 10a9937f89
parent 07fc061053
1 changed files with 6 additions and 2 deletions
--- a/etc/defaults/npf.boot.conf
+++ b/etc/defaults/npf.boot.conf
@ -1,4 +1,4 @@
-#	$NetBSD: npf.boot.conf,v 1.1 2019/04/02 01:50:32 sevan Exp $
+#	$NetBSD: npf.boot.conf,v 1.2 2019/04/07 02:08:08 sevan Exp $
 #
 # /etc/defaults/npf.boot.conf --
 #	initial configuration for npf(4)
@ -25,11 +25,15 @@ pass stateful out to any port domain
 # (the DHCP server can be down or not responding).
 pass stateful out proto icmp icmp-type echo all

+# Allow DHCP
+pass out family inet4 proto udp from any port bootpc to any port bootps
+pass in family inet4 proto udp from any port bootps to any port bootpc
+
 # Allow IPv6 router/neighbor solicitation and advertisement.
 pass out  family inet6 proto ipv6-icmp icmp-type rtsol all
 pass in family inet6 proto ipv6-icmp icmp-type rtadv all
 pass out  family inet6 proto ipv6-icmp icmp-type neighsol all
-pass in family inet6 proto ipv6-icmp icmp-type neighadv all
+pass family inet6 proto ipv6-icmp icmp-type neighadv all

 # Enable CARP, to avoid spurious failovers.
 pass proto carp all