
From: Janne Johansson <icepic.dz@gmail.com>
Subject: Re: dhcpd(8): use UDP sockets instead of BPF
To: David Gwynne <david@gwynne.id.au>
Cc: tech@openbsd.org
Date: Fri, 13 Jun 2025 08:54:52 +0200

On Fri, 13 June 2025 at 05:33, David Gwynne <david@gwynne.id.au> wrote:
>
> tl;dr this replaces bpf with udp sockets in dhcpd, mostly to make it
> better at replying with the ip that requests were sent to.
> while i've tried to make dhcpd work the same as it did before this
> change, there is a big semantic difference that's outside its control.
> bpf operated before pf, so you didn't have to write rules in pf.conf to
> allow dhcpd to work. because udp socket processing happens as part of
> the network stack, dhcp packets are now subject to pf. if you have a
> default deny ruleset, you have to explicitly allow dhcp packets in your
> ruleset.

While it is a change in behaviour, I would not think it would be a
showstopper. I do like the idea that a client can have a maximally
restrictive pf config and still use dhcp, but on the server side I
would be less surprised to not be able to sidestep the filtering.

-- 
May the most significant bit of your life be positive.
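
The default-deny case discussed in this thread, as a pf.conf fragment. This is an added example, not part of the thread or of the proposed patch. The interface name `em0` and the macro `dhcp_if` are placeholders, and the rules assume the standard DHCP ports (67 for server and relay, 68 for client).

```pf
# Constructed example. em0 is a placeholder for the interface dhcpd serves.
dhcp_if = "em0"

# Default deny. Once dhcpd receives through UDP sockets instead of bpf,
# this rule also drops DHCP unless the pass rules below are present.
block all

# Client requests: source port 68, frequently from 0.0.0.0 to the
# broadcast address, so the addresses are left as "any".
pass in on $dhcp_if inet proto udp from any port 68 to any port 67

# Requests forwarded by a relay agent: port 67 to port 67.
pass in on $dhcp_if inet proto udp from any port 67 to any port 67

# Replies need their own rule. A reply to a broadcast request is sent
# from the server's own address, so it does not match the state that
# the inbound request created.
pass out on $dhcp_if inet proto udp from any port 67 to any port { 67, 68 }
```

Checking the file with `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.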