
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# If you receive your public IP address by DHCP from your ISP, you'll 
# need to use this module. The module has been kept near the top to
# accept private network addresses if necessary.
#
# To install, copy this file to /etc/firewall/modules/public/services/
# 030-dhcp-servers. You'll have to execute rc.firewall with the 
# --update-config parameter to finish the installation. This will add
# all necessary options to the configuration file.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-10-26  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Added the "#m# 123" module config.
# 2000-10-14  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i#
#n# dhcp
#t# servers
#
#   |--------------------------------------------------------------------|
#d# If you receive your IP address by DHCP from your ISP (Videotron, 
#d# Sympatico, etc.), you'll have to set this variable to your DHCP 
#d# server's hostname(s). If you don't know what they are, you can use 
#d# "any/0". Part of this DHCP traffic is logged (ack, decline, release).
#d#	
#d# Example:
#d#   accept-eth1-dhcp-servers = 10.16.96.1/32 10.23.128.2/32
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Append the ipchains rules for the DHCP client exchange on this
# interface, one pass per entry of the accept-<interface>-dhcp-servers
# option. Option_Value, $INTOPT, $INCHAIN, $OUTCHAIN, $IPADDR, $NETWORK,
# $NETMASK, $BROADCAST_SRC, $BROADCAST_DEST and $LOG are all defined
# outside this module.
#
# Expansions are deliberately left unquoted: the server list is split on
# whitespace, and $LOG is presumably either empty or extra ipchains
# options -- confirm against rc.firewall.
#
# NOTE(review): an "any/0" entry makes every $host rule below match any
# source address, so replies on bootps -> bootpc are accepted from any
# sender on the segment. Listing the ISP's real servers keeps these rules
# narrow.
#
# Service names used below: bootps = 67 (server), bootpc = 68 (client).
for host in $(Option_Value accept $INTOPT dhcp servers); do
	echo "Accept $INTOPT $IPADDR DHCP Client <- $host DHCP Server (logged)"

	# Outbound DHCP Discover / DHCP Request, broadcast to broadcast.
	# This rule does not reference $host, so it is appended again for
	# every configured server.
	ipchains -A $OUTCHAIN -j ACCEPT -p udp \
		-s $BROADCAST_SRC bootpc -d $BROADCAST_DEST bootps $LOG

	# Inbound DHCP Offer, broadcast to broadcast.
	# NOTE(review): this rule is also independent of $host, so it is not
	# narrowed by the server list; what it admits depends on the value
	# of $BROADCAST_SRC -- verify it if only known servers may answer.
	ipchains -A $INCHAIN -j ACCEPT -p udp \
		-s $BROADCAST_SRC bootps -d $BROADCAST_DEST bootpc $LOG

	# Inbound DHCP Offer from the configured server to broadcast.
	ipchains -A $INCHAIN -j ACCEPT -p udp \
		-s $host bootps -d $BROADCAST_DEST bootpc $LOG

	# Outbound DHCP Request / DHCP Decline addressed to the server.
	# Logging is forced with -l here instead of following $LOG.
	ipchains -A $OUTCHAIN -j ACCEPT -p udp \
		-s $BROADCAST_SRC bootpc -d $host bootps -l

	# Inbound DHCP Ack / DHCP Nak from the server to the local network.
	ipchains -A $INCHAIN -j ACCEPT -p udp \
		-s $host bootps -d $NETWORK/$NETMASK bootpc $LOG

	# Inbound DHCP Ack from the server to our own address (always logged).
	ipchains -A $INCHAIN -j ACCEPT -p udp \
		-s $host bootps -d $IPADDR bootpc -l

	# Outbound DHCP Request (renewal) / DHCP Release from our address
	# to the server (always logged).
	ipchains -A $OUTCHAIN -j ACCEPT -p udp \
		-s $IPADDR bootpc -d $host bootps -l
done
# Do not leak the loop variable into the code that runs after this module.
unset host

