in supplement to this thread (still unsolved) - viewtopic.php?f=2&t=101896 - I want to ask the same question again.
When my firewall rules on my testing router with ROS 6.40 dropped the whole WAN traffic, it was not possible that the WAN port got an IP address from the ISP. In ROS 6.42.9 and 6.43 for example I also tested it and there the WAN port can assign an IP address although my firewall rules block the whole traffic on this interface. I noticed this strange behavior because I have rules for the WAN port which also counts the DHCP renews. And in ROS 6.42 I noticed that the counter stays on zero but the IP could be assigned. The UDP connections were also shown on the connections list.
How can this happen that the WAN port can assign an IP from ISP although the whole traffic is blocked (will be firewall service be loaded too late while starting)?
Are there hidden rules or even more hidden rules implemented on newer firmware releases?
Thanks, a lot.