% pfilter - packet filtering for GNU/Linux
%
% pfilter ruleset for opening/closing the dhcp server

% Copyright 2003 Neil Gorsuch
%
% This file is part of pfilter.
%
% pfilter is free software; you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation; either version 2 of the License, or
% (at your option) any later version.
%
% pfilter is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with this program; if not, write to the Free Software
% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

% This service is defined because it includes various broadcast packets,
% as well as multiple tcp and udp ports.

% service-dhcp-open: open the DHCP server port (udp bootps) for client
% requests entering on src_int and leaving on dest_int.
%
% Two rules are produced through open_protocol_port:
%   1. source 0.0.0.0 to destination 255.255.255.255, the form used by a
%      client that does not have an address yet;
%   2. src_address to dest_address, the form used once addresses are known.
%
% Rule 1 does not reference src_address, so the interface pair is the only
% thing that limits it. Any host attached to src_int can reach the DHCP
% server through it; pass only interfaces that really carry DHCP clients.
%
% src_bcast and dest_bcast are accepted but not referenced in this body.
%
% NOTE(review): only the bootps destination port is named here. Whether
% open_protocol_port also admits the server's replies to the bootpc port
% is not visible in this file; confirm before relying on it.
%macro service-dhcp-open src_address dest_address src_int dest_int src_bcast dest_bcast
# dhcp service starts with a udp broadcast packet from the 
# client to the server, from the bootpc to the bootps port.
# Sometimes they appear as source 0.0.0.0 destination 255.255.255.255.
%open_protocol_port% 0.0.0.0 255.255.255.255 %src_int% %dest_int% udp bootps
# Sometimes they appear as the proper source/destinations.
%open_protocol_port% %src_address% %dest_address% %src_int% %dest_int% udp bootps
%endmacro

% service-dhcp-close: close the DHCP server port (udp bootps) for client
% requests entering on src_int and leaving on dest_int. It takes the same
% arguments as service-dhcp-open and covers the same two packet forms,
% through close_protocol_port:
%   1. source 0.0.0.0 to destination 255.255.255.255;
%   2. src_address to dest_address.
%
% Both forms must be closed to block DHCP requests on this interface pair.
% Form 1 does not depend on src_address, so closing only the addressed
% form would still leave broadcast requests from unconfigured clients.
%
% The comment lines inside the body describe the traffic being matched,
% not the action taken on it.
%
% src_bcast and dest_bcast are accepted but not referenced in this body.
%macro service-dhcp-close src_address dest_address src_int dest_int src_bcast dest_bcast
# dhcp service starts with a udp broadcast packet from the 
# client to the server, from the bootpc to the bootps port.
# Sometimes they appear as source 0.0.0.0 destination 255.255.255.255.
%close_protocol_port% 0.0.0.0 255.255.255.255 %src_int% %dest_int% udp bootps
# Sometimes they appear as the proper source/destinations.
%close_protocol_port% %src_address% %dest_address% %src_int% %dest_int% udp bootps
%endmacro

