I have set up an address list for DHCPv4 with 0.0.0.0/32 in it, as this is the source address for (initial) DHCP requests. I have an input filter that uses this address list, but it doesn’t seem to match:
[admin@router] > /ip firewall address-list print where list =dhcp-clients_v4
Flags: X - disabled, D - dynamic
 #   LIST              ADDRESS
 0   dhcp-clients_v4   192.168.0.0/24
 1   dhcp-clients_v4   0.0.0.0
But I still see a match on the rule below that allows any address through:
[admin@router] > /ip firewall filter print chain=input stats
Flags: X - disabled, I - invalid, D - dynamic
 #    CHAIN   ACTION   BYTES    PACKETS
 8    ;;; connection-state=new protocol=udp src-address-list=dhcp-clients_v4 src-port=68 dst-port=67
      input   accept   56 344   152
 9    ;;;; DHCPv4
      input   log      4 020    9
10    ;;; connection-state=new protocol=udp src-port=68 dst-port=67
      input   accept   4 020    9
And in the logs:
12:10:56 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 350
12:10:56 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 350
12:32:52 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 344
12:32:52 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 344
12:56:49 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 576
12:56:49 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 576
12:56:51 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 576
12:56:51 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 576
13:14:59 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328
Is this something that should work?
Matt.
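
An added example, not part of the post above: a Python triage of the logged packets that separates sources the address list covers under ordinary CIDR membership (which would be expected to hit rule 8) from sources it does not cover. It uses Python's `ipaddress` module rather than RouterOS's own matcher, the function names are hypothetical, and the last sample log line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Address-list entries as printed in the post (list dhcp-clients_v4).
ADDRESS_LIST = ["192.168.0.0/24", "0.0.0.0"]

# First three lines are copied from the post; the last one is constructed
# to show a source that the list does not cover.
SAMPLE_LOG = """\
12:10:56 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 350
12:32:52 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 344
13:14:59 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328
12:40:00 firewall,info DHCP input: in:ether2 out:(none), proto UDP, 10.9.9.9:68->255.255.255.255:67, len 300
"""

LINE_RE = re.compile(
    r"in:(?P<iface>\S+) out:\S+ proto UDP, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), len (?P<len>\d+)"
)


def in_list(addr, entries=ADDRESS_LIST):
    """True if addr falls inside any entry; a bare address is treated as a /32."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)


def triage(log_text):
    """Count DHCP client packets that reached the logging rule, split by
    whether plain CIDR membership says the address list covers the source."""
    covered, uncovered = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or (m["sport"], m["dport"]) != ("68", "67"):
            continue  # not a client-to-server DHCP packet
        bucket = covered if in_list(m["src"]) else uncovered
        bucket[m["src"]] += 1
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = triage(SAMPLE_LOG)
    print("covered by list but logged by the fall-through rule:", dict(covered))
    print("not covered by list:", dict(uncovered))
```

Any address in the first bucket is one the list covers on paper yet the router still passed to the log rule, which is the mismatch the post describes.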