Monday 26 November 2018

Configure Windows Firewall to allow DHCP client and specific remote IPs only


I've configured Windows Firewall in Windows 7 to block all traffic on the public interface, except to certain IP addresses, as described here: https://superuser.com/a/456326/112560

The problem is, this blocks the DHCP client and I cannot get an IP address from a DHCP server. If I add an exception for the DHCP server by excluding its IP from the blocked IP range (same as for the VPN server), that allows ipconfig /renew to work once I have an IP address, but if I release the IP address I cannot get another one unless I disable that firewall rule. I suspect this is because the DHCP DISCOVER client broadcast is still being blocked, so it cannot find the DHCP server. How do I allow the DHCP client and connections to specific IPs, while blocking everything else?



Answer



In the Windows Firewall, blocked connections take precedence over allowed connections. There is an option to overrule that, but it is not available for outbound rules. Hence, to allow DHCP client broadcasts, you will have to exclude them from the rule suggested in this answer, assuming this firewall rule is indeed responsible for breaking your DHCP setup.


DHCP clients use the remote UDP port 67 for IPv4 and 547 for IPv6. If you are using the IP-based instead of port-based solution, exclude the broadcast address 255.255.255.255.
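For the IP-based variant, the outbound block rule's remote-IP list has to be the complement of the addresses you still want reachable, with 255.255.255.255 left out so the DHCP DISCOVER broadcast is not matched by the block rule (which, as noted above, wins over any allow rule for outbound traffic). The Python helper below is an added example, not code from the original answer; it computes those ranges and emits the matching `netsh advfirewall` command, using documentation-range placeholder addresses for the VPN and DHCP servers.

```python
import ipaddress

BROADCAST = ipaddress.IPv4Address("255.255.255.255")
IPV4_MAX = 2**32 - 1


def blocked_ranges(allowed, exclude_broadcast=True):
    """Return (start, end) IPv4 ranges covering every address NOT in `allowed`.

    Outbound block rules take precedence over allow rules in Windows Firewall,
    so the block rule's own remoteip list must leave a hole for each allowed
    server and, by default, for the limited broadcast address used by DHCP
    DISCOVER/REQUEST, which the client sends before it has any address.
    """
    keep = {int(ipaddress.IPv4Address(a)) for a in allowed}
    if exclude_broadcast:
        keep.add(int(BROADCAST))
    ranges = []
    start = 0  # integer form avoids overflow when 255.255.255.255 + 1 is reached
    for ip in sorted(keep):
        if ip > start:
            ranges.append((str(ipaddress.IPv4Address(start)),
                           str(ipaddress.IPv4Address(ip - 1))))
        start = ip + 1
    if start <= IPV4_MAX:
        ranges.append((str(ipaddress.IPv4Address(start)), str(BROADCAST)))
    return ranges


def is_blocked(ranges, ip):
    """True if `ip` falls inside any of the block rule's remote-IP ranges."""
    n = int(ipaddress.IPv4Address(ip))
    return any(int(ipaddress.IPv4Address(a)) <= n <= int(ipaddress.IPv4Address(b))
               for a, b in ranges)


def netsh_block_rule(allowed, name="Block public outbound except allowed"):
    """Build the netsh command for an outbound block rule on the Public profile."""
    remoteip = ",".join(a if a == b else f"{a}-{b}" for a, b in blocked_ranges(allowed))
    return (f'netsh advfirewall firewall add rule name="{name}" dir=out '
            f'action=block profile=public remoteip={remoteip}')


if __name__ == "__main__":
    # Constructed placeholders: 203.0.113.10 = VPN server, 192.0.2.1 = DHCP server.
    servers = ["203.0.113.10", "192.0.2.1"]
    print(netsh_block_rule(servers))
    # The broadcast address must stay reachable for DHCP DISCOVER to leave the host.
    print("broadcast blocked?", is_blocked(blocked_ranges(servers), "255.255.255.255"))
```

After adding the rule, `ipconfig /release` followed by `ipconfig /renew` is the check that the DISCOVER broadcast is no longer dropped; `netsh advfirewall firewall show rule name="Block public outbound except allowed"` shows the remote-IP list the firewall actually stored.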

