Index: sbin/dhclient/bpf.c
===================================================================
--- sbin/dhclient/bpf.c	(revision 266306)
+++ sbin/dhclient/bpf.c	(working copy)
@@ -131,6 +131,11 @@ struct bpf_insn dhcp_bpf_wfilter[] = {
 
 int dhcp_bpf_wfilter_len = sizeof(dhcp_bpf_wfilter) / sizeof(struct bpf_insn);
 
+struct bpf_insn dhcp_bpf_dfilter[] = {
+	BPF_STMT(BPF_RET+BPF_K, 0)
+};
+int dhcp_bpf_dfilter_len = sizeof(dhcp_bpf_dfilter) / sizeof(struct bpf_insn);
+
 void
 if_register_send(struct interface_info *info)
 {
@@ -160,6 +165,12 @@ if_register_send(struct interface_info *info)
 	if (ioctl(info->wfdesc, BIOCSETWF, &p) < 0)
 		error("Can't install write filter program: %m");
 
+	/* Set deny-all read filter for write socket */
+	p.bf_len = dhcp_bpf_dfilter_len;
+	p.bf_insns = dhcp_bpf_dfilter;
+	if (ioctl(info->wfdesc, BIOCSETFNR, &p) < 0)
+		error("Can't install write filter program: %m");
+
 	if (ioctl(info->wfdesc, BIOCLOCK, NULL) < 0)
 		error("Cannot lock bpf");