I set up a firewall, but the Kea server still receives packets. Why?
  • 16 Aug 2023

Any DHCPv4 server must be able to receive traffic from, and send traffic to, hosts that don't have an IPv4 address assigned yet. That is typically not possible with regular UDP sockets; therefore, the Kea DHCPv4 server uses raw sockets by default. With raw sockets, incoming packets are received as raw Ethernet frames, bypassing the whole kernel IP stack, including any firewall rules your kernel may provide.

If you do not want the server to use raw sockets, it is possible to configure the Kea DHCPv4 server to use UDP sockets instead. See the dhcp-socket-type configuration parameter described in the Interface Configuration section of the ARM.

Using UDP sockets has certain limitations. In particular, they may not allow for sending responses directly to clients without IPv4 addresses assigned. That's not a problem if all your traffic is coming through relay agents.
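
The fragment below is an added example, not taken from the original article. It shows where dhcp-socket-type sits in the Kea DHCPv4 configuration when switching from the default raw sockets to UDP sockets, so that incoming DHCP traffic goes through the kernel IP stack and its firewall rules. The interface name eth0 is an assumption.

```json
{
  "Dhcp4": {
    "interfaces-config": {
      // Assumed interface name; use the interface your server listens on.
      "interfaces": [ "eth0" ],

      // The default is "raw" (raw Ethernet frames, kernel IP stack and
      // firewall bypassed). "udp" switches the server to UDP sockets.
      "dhcp-socket-type": "udp"
    }
  }
}
```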