Is dhcrelay supposed to bind to 0.0.0.0:67 or all interfaces when you explicitly run the DHCPv4 relay on specific interfaces? The man page reads:
-i ifname
    Listen for DHCPv4/BOOTP queries on interface ifname. Multiple interfaces may be specified by using more than one -i option. If no interfaces are specified on the command line, dhcrelay will identify all network interfaces, eliminating non-broadcast interfaces if possible, and attempt to listen on all of them.
I’m seeing it bind to all 0’s:
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp6 0 0 :::547 :::*
This doesn’t happen with NTP or SSH, where you have greater control over which interfaces these services bind to.
I would prefer the process not bind to all interfaces on a firewall configuration, i.e. my WAN port is eth0 and I should not have this binding.
This all came about when I looked at my logs and noticed a number of messages:
Jun 11 07:51:57 gw dhcrelay: Can’t process packet from interface ‘eth4.70’.
Jun 11 07:53:02 gw dhcrelay: Can’t process packet from interface ‘eth0’.
Jun 11 07:54:01 gw dhcrelay: Can’t process packet from interface ‘eth4.70’.
eth4.70 is another interface that I have NOT intentionally configured the relay on…
My configuration is running as:
/usr/sbin/dhcrelay -4 -pf /run/dhcp-relay/dhcrelay.pid -i eth4.50 -i eth4 -i eth4.10 -i eth4.40 -i eth4.30 -i eth4.100 -i eth4.90 <ip_redacted>
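
An added example, not part of the original post: a small audit that cross-checks the three pieces of evidence quoted above (the -i list on the command line, the "Can't process packet" log lines, and the socket listing) to show which interfaces are delivering packets to the relay without being configured and which sockets are wildcard-bound. The function names are hypothetical, and the inputs are the post's own lines with the quote characters normalised.

```python
import re
import shlex
from collections import Counter

# Inputs copied from the post (quotes normalised); <ip_redacted> is the post's placeholder.
CMDLINE = ("/usr/sbin/dhcrelay -4 -pf /run/dhcp-relay/dhcrelay.pid -i eth4.50 -i eth4 "
           "-i eth4.10 -i eth4.40 -i eth4.30 -i eth4.100 -i eth4.90 <ip_redacted>")
LOG = """\
Jun 11 07:51:57 gw dhcrelay: Can't process packet from interface 'eth4.70'.
Jun 11 07:53:02 gw dhcrelay: Can't process packet from interface 'eth0'.
Jun 11 07:54:01 gw dhcrelay: Can't process packet from interface 'eth4.70'.
"""
SOCKETS = """\
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp6 0 0 :::547 :::*
"""

# Accept straight or typographic quotes around the interface name.
REJECT_RE = re.compile(r"dhcrelay: Can.t process packet from interface ['\u2018]([^'\u2019\s]+)")


def configured_interfaces(cmdline):
    """Return the interface names passed with -i, in order."""
    args = shlex.split(cmdline)
    return [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-i"]


def unexpected_sources(cmdline, log_text):
    """Count rejected-packet log lines per interface that was not given with -i."""
    allowed = set(configured_interfaces(cmdline))
    hits = Counter(m.group(1) for m in REJECT_RE.finditer(log_text))
    return {iface: n for iface, n in hits.items() if iface not in allowed}


def wildcard_listeners(netstat_text):
    """Return (proto, port) for sockets whose local address is the wildcard."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host, _, port = fields[3].rpartition(":")
        if host in ("0.0.0.0", "::", "*"):
            found.append((fields[0], int(port)))
    return found


if __name__ == "__main__":
    print("configured:", configured_interfaces(CMDLINE))
    print("unexpected sources:", unexpected_sources(CMDLINE, LOG))
    print("wildcard listeners:", wildcard_listeners(SOCKETS))
```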