Firewall Traffic Rule clarification (Any Zone/CIDR)

I have chosen a contiguous CIDR block for my home network with 8 subnets - 192.168.24.0/21

I’d like to configure a rule to allow DHCP requests from those subnets to the OpenWrt router.

If I create a rule that says:

Protocol: UDP
Source address: 192.168.24.0/21
Destination zone: Device (input)
Destination port: 67-68,

what do I put in Source zone?
Putting Any zone (forward) doesn’t seem right, but I can’t group-select LAN zones.

You can't use a source address for allowing DHCP because the DHCP clients may not yet have an address.

The way to handle this is via the zone. Put the network interface into a zone that rejects input, and then add a rule, much like what you already have, but with two changes:

  • remove source address and instead use the source zone
  • remove port 68 (only UDP 67 is required).

Ah, of course lol (re can’t guarantee having an IP yet haha)

So unfortunately I have to create a separate allow rule for each interface because I can’t group-select interfaces in Source zone? (in LuCI anyway)

Thanks for making me look up why to remove port 68 (only used by the client)

It is recommended to use a unique rule for each zone, but you may be able to use a wildcard for the source zone. You'll need a companion rule to block from any specific zones that should not be able to reach the DHCP server (almost always the case for the wan).
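What the two answers above describe, written out as an `/etc/config/firewall` fragment. This is an added example, not config posted by anyone in the thread; the zone and interface names (`lan_a`, `lan_b`, `wan`) are assumptions. It shows the zone-based approach from the first answer (input REJECT on the zone, an allow rule keyed on the source zone with no source address and UDP 67 only), and, as the alternative mentioned in the second answer, a wildcard-source allow rule preceded by a companion rule that rejects DHCP from `wan`. OpenWrt evaluates `config rule` sections in the order they appear, so the `wan` reject must come before the wildcard accept.

```uci
# /etc/config/firewall  (added example; zone/interface names are assumptions)

# Each LAN-side zone rejects input by default, so DHCP must be
# explicitly allowed. A zone may list several interfaces; one
# 'list network' line per interface.
config zone
	option name 'lan_a'
	list network 'lan_a'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan_b'
	list network 'lan_b'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Option 1 (recommended in the thread): one allow rule per zone.
# No 'option src_ip' because a client without a lease sends from 0.0.0.0.
# Only UDP 67 (the server port) is needed on the router side.
config rule
	option name 'Allow-DHCP-lan_a'
	option src 'lan_a'
	option proto 'udp'
	option dest_port '67'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-lan_b'
	option src 'lan_b'
	option proto 'udp'
	option dest_port '67'
	option family 'ipv4'
	option target 'ACCEPT'

# Option 2 (wildcard source zone, as mentioned in the second answer):
# keep the two rules above commented out and use these instead.
# The wan reject MUST precede the wildcard accept, since rules match in order.
#config rule
#	option name 'Block-DHCP-from-wan'
#	option src 'wan'
#	option proto 'udp'
#	option dest_port '67'
#	option family 'ipv4'
#	option target 'REJECT'
#
#config rule
#	option name 'Allow-DHCP-any-zone'
#	option src '*'
#	option proto 'udp'
#	option dest_port '67'
#	option family 'ipv4'
#	option target 'ACCEPT'
```

Apply with `/etc/init.d/firewall restart` and check the result with `nft list ruleset | grep -i dhcp` (fw4) or `iptables -L input_lan_a_rule -n -v` (fw3), depending on the OpenWrt release; a DHCP DISCOVER from an unconfigured client should then hit the accept counter on the zone's input chain rather than the zone's reject.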

That doesn’t appear to be a possibility in LuCI (is there a particular reason for that? Group selection is available elsewhere).
I will follow the KISS principle here then :smiley:

Thanks, I will mark this as solved.

