diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 8bdcd42b39d..63a3eef9428 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -2236,7 +2236,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix four-message exchange (discover, offer, request, and ack) is used. The two-message exchange provides faster client configuration. See RFC 4039 for details. - Defaults to true. + Defaults to true when Anonymize=no and neither AllowList= + nor DenyList= is specified, and false otherwise. @@ -2670,6 +2671,9 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix prefix length after /. DHCP offers from servers in the list are rejected. Note that if AllowList= is configured then DenyList= is ignored. + Note that this filters only DHCP offers, so the filtering may not work when + RapidCommit= is enabled. See also RapidCommit= in the above. + @@ -2681,6 +2685,9 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix A whitespace-separated list of IPv4 addresses. Each address can optionally take a prefix length after /. DHCP offers from servers in the list are accepted. + Note that this filters only DHCP offers, so the filtering may not work when + RapidCommit= is enabled. See also RapidCommit= in the above. + diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c index 031507b6630..efbae6d8686 100644 --- a/src/network/networkd-dhcp4.c +++ b/src/network/networkd-dhcp4.c @@ -51,6 +51,13 @@ void network_adjust_dhcp4(Network *network) { if (network->dhcp_client_identifier < 0) network->dhcp_client_identifier = network->dhcp_anonymize ? DHCP_CLIENT_ID_MAC : DHCP_CLIENT_ID_DUID; + + /* By default, RapidCommit= is enabled when Anonymize=no and neither AllowList= nor DenyList= is specified. */ + if (network->dhcp_use_rapid_commit < 0) + network->dhcp_use_rapid_commit = + !network->dhcp_anonymize && + set_isempty(network->dhcp_allow_listed_ip) && + set_isempty(network->dhcp_deny_listed_ip); } static int dhcp4_prefix_covers( 
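Review bot: The new default in network_adjust_dhcp4() only covers the unset case (`dhcp_use_rapid_commit < 0`), so an explicit `RapidCommit=yes` together with `AllowList=` or `DenyList=` is still accepted silently. The man page text added in this same commit says those lists filter only DHCP offers, so an administrator relying on them to exclude unwanted DHCP servers gets no indication that the filter may not apply. Consider logging that combination here, e.g. `if (network->dhcp_use_rapid_commit > 0 && (!set_isempty(network->dhcp_allow_listed_ip) || !set_isempty(network->dhcp_deny_listed_ip))) log_warning("%s: RapidCommit=yes is set together with AllowList=/DenyList=, the server filter may not apply.", network->filename);`. The function starts outside the hunk, so whether an earlier return can skip this block is not visible here.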
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 628b1ad19f5..dbdd578dc66 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -261,7 +261,7 @@ DHCPv4.Use6RD, config_parse_bool,
 DHCPv4.IPv6OnlyMode, config_parse_tristate, 0, offsetof(Network, dhcp_ipv6_only_mode)
 DHCPv4.NetLabel, config_parse_string, CONFIG_PARSE_STRING_SAFE, offsetof(Network, dhcp_netlabel)
 DHCPv4.NFTSet, config_parse_nft_set, NFT_SET_PARSE_NETWORK, offsetof(Network, dhcp_nft_set_context)
-DHCPv4.RapidCommit config_parse_bool, 0, offsetof(Network, dhcp_use_rapid_commit)
+DHCPv4.RapidCommit config_parse_tristate, 0, offsetof(Network, dhcp_use_rapid_commit)
 DHCPv6.UseAddress, config_parse_bool, 0, offsetof(Network, dhcp6_use_address)
 DHCPv6.UseDelegatedPrefix, config_parse_bool, 0, offsetof(Network, dhcp6_use_pd_prefix)
 DHCPv6.UseDNS, config_parse_dhcp_use_dns, AF_INET6, 0
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 72ed2abd957..6cbaf82d6fa 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -396,7 +396,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
 .dhcp_send_hostname = true,
 .dhcp_send_release = true,
 .dhcp_route_metric = DHCP_ROUTE_METRIC,
- .dhcp_use_rapid_commit = true,
+ .dhcp_use_rapid_commit = -1,
 .dhcp_client_identifier = _DHCP_CLIENT_ID_INVALID,
 .dhcp_route_table = RT_TABLE_MAIN,
 .dhcp_ip_service_type = -1,
diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index 4995e55b531..03131b7061c 100644
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -141,7 +141,7 @@ struct Network {
 bool dhcp_send_hostname_set;
 int dhcp_broadcast;
 int dhcp_ipv6_only_mode;
- bool dhcp_use_rapid_commit;
+ int dhcp_use_rapid_commit;
 bool dhcp_use_dns;
 bool dhcp_use_dns_set;
 bool dhcp_routes_to_dns;
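Review bot: The `DHCPv4.RapidCommit` row has no comma after the key on either the removed or the added line, unlike every neighbouring row in this hunk. If that matches the file rather than being a rendering artifact, gperf would presumably take the key to be more than `DHCPv4.RapidCommit`, so a `RapidCommit=` line in `[DHCPv4]` would not match this entry. An explicit setting would then be ignored, leaving only the computed default in effect. The row should read `DHCPv4.RapidCommit, config_parse_tristate, 0, offsetof(Network, dhcp_use_rapid_commit)`.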
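Review bot: With the initializer in network_load_one() now `-1`, any reader that still tests the field as a plain boolean (`if (network->dhcp_use_rapid_commit)`) sees the unset state as true. The restrictive default therefore depends on network_adjust_dhcp4() having resolved the value on every path before the DHCP client is configured. The readers are not part of this diff, so it is worth confirming that they compare with `> 0` or can only ever see 0 or 1. The matching type change in src/network/networkd-network.h would benefit from a comment on the field such as `/* tristate: negative means unset, resolved in network_adjust_dhcp4() */`. The initializer list starts and ends outside the hunk.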