Thank you Yar, for fixing it and for communicating what happened.
Security is mostly a superstition. It does not exist in nature, nor do the
children of men as a whole experience it. Avoiding danger is no safer in the
long run than outright exposure. Life is either a daring adventure, or nothing.
Helen Keller
On Wed, 7 Feb 2018, Yardena Cohen wrote:
I think I fixed this - can you try again?
When we first set up the new router we had the same problem and solved
it with an iptables rule to let DHCP traffic in & out which had been
blocked before. The evidence is really obvious if you type journalctl
on the router - you see a stream of error messages like:
    Feb 07 09:50:00 saros dhcpd[976]: send_packet: Operation not permitted
    Feb 07 09:50:00 saros dhcpd[976]: dhcp.c:3903: Failed to send 300 byte long packet over fallback interface.
When writing the rules into a file to make it permanent, I tried to be
too clever and added ' -o !enp3s0' to the rule because I thought, "who
wants to send DHCP to the WAN anyway? What could possibly go wrong!"
Then last week I rebooted the router, the new rules took effect, and
the extra '-o !enp3s0' caused the rule to fail (still not sure why),
thus blocking crucial DHCP traffic again. As soon as I replaced the
rule just now with a simpler one, the error messages stopped.
tl;dr my fault for being too secure sorry
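
The iptables man page writes interface negation with `!` as its own argument ahead of the option (`! -o enp3s0`). The check below, an added example that is not part of the original thread, scans a saved rules file for `-i`/`-o` negations written any other way so they can be reviewed before a reboot applies them; the function name `lint_iface_negation` and the sample rules are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint saved iptables rules for interface negations that are
# not in the documented "! -o IFACE" / "! -i IFACE" form.
# lint_iface_negation is a hypothetical helper name, not an iptables tool.

# Constructed sample rules (UDP 67/68 are the DHCP server/client ports).
SAMPLE_RULES='-A OUTPUT -o !enp3s0 -p udp --sport 67:68 --dport 67:68 -j ACCEPT
-A OUTPUT -o ! enp3s0 -p udp --dport 67:68 -j ACCEPT
-A OUTPUT ! -o enp3s0 -p udp --dport 67:68 -j ACCEPT
-A OUTPUT -p udp --sport 67:68 --dport 67:68 -j ACCEPT'

lint_iface_negation() {
    # Reads rules on stdin and prints "LINE:FORM:RULE" for each suspect rule.
    # Returns 1 if anything was flagged, 0 if every rule is clean.
    awk '
    BEGIN { bad = 0 }
    {
        for (i = 1; i < NF; i++) {
            if ($i !~ /^(-i|-o|--in-interface|--out-interface)$/) continue
            nxt = $(i + 1)
            if (nxt == "!") {
                # "-o ! eth0": deprecated intrapositioned negation
                printf "%d:intrapositioned:%s\n", NR, $0
                bad = 1
            } else if (substr(nxt, 1, 1) == "!") {
                # "-o !eth0": the "!" is attached to the interface name
                printf "%d:attached:%s\n", NR, $0
                bad = 1
            }
        }
    }
    END { exit bad }
    '
}

# Stand-alone run over the constructed sample; "|| true" keeps a lint hit
# from aborting a caller that runs under "set -e".
printf '%s\n' "$SAMPLE_RULES" | lint_iface_negation || true
```

Run it against the rules file before it is loaded at boot, e.g. `lint_iface_negation < rules-file`, and treat a non-zero return as a reason to rewrite the flagged rule.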