>My guess is that dhrelay uses PACKET sockets. About everything with DHCP from ISC uses AF_PACKET, as far as I can see. And I guess it's not only ISC. Simply because DHCP needs to play with "normally unroutable" addresses like 0.0.0.0 and 255.255.255.255. In the earlier days, one could poke on the kernel's routing tables, today this is not as easy anymore and we're all better off using PACKET sockets. Er, this does not help the problem. Dang. Surprisingly however is, that despite PACKET bypasses the firewall, that I was able to drop incoming dhcp packets and dhcpd got nothin... Jan Engelhardt --
