Monday, 26 November 2018

Configure Windows Firewall to allow DHCP client and specific remote IPs only


I've configured Windows Firewall in Windows 7 to block all traffic on the public interface, except to certain IP addresses, as described here: https://superuser.com/a/456326/112560 The problem is, this blocks the DHCP client and I cannot get an IP address from a DHCP server. If I add an exception for the DHCP server by excluding its IP from the blocked IP range (same as for the VPN server) that allows ipconfig /renew to work once I have an IP address, but if I release the IP address I cannot get another one unless I disable that firewall rule. I suspect this is because the DHCP DISCOVER client broadcast is still being blocked, so it cannot find the DHCP server. How do allow the DHCP client and connections to specific IPs, while blocking everything else?



Answer



In the Windows Firewall, blocked connections take precedence over allowed connections. There is an option to overrule that, but it is not available for outbound rules. Hence, to allow DHCP client broadcasts, you will have to exclude them from the rule suggested in this answer, assuming this firewall rule is indeed responsible for breaking your DHCP setup.


DHCP clients use the remote UDP port 67 for IPv4 and 547 for IPv6. If you are using the IP-based instead of port-based solution, exclude the broadcast address 255.255.255.255.


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...