The author recounts setting up a DHCP server and then realizing that they had never opened the necessary firewall ports. They explain that DHCP is unique because it uses packet filters tied into the IP stack before the firewall, which allows it to bypass certain restrictions imposed by the TCP/IP stack and iptables. The author believes that the term “raw sockets” is confusing and clarifies that there are different types of raw sockets on Linux, some of which are affected by iptables and some of which are not. They also mention that using raw sockets allows them to receive packets post-NAT, which may not be widely known. Additionally, the author expresses frustration with the term “packet filter,” calling it an abuse of the term, since Berkeley Packet Filter is a mechanism used to filter raw sockets.
https://unix.stackexchange.com/questions/447440/ufw-iptables-not-blocking-dhcp-udp-port-67#447524