Hi,
As the title suggests, I need help regarding the automatically generated rules for DHCP on WAN.
There are some inbound UDP rules for port 547 and 546 which let UDP traffic from WAN enter the system.
How am I supposed to protect my network against malicious content from a WAN source that is *not* the provider DHCP server? Is the provider supposed to block such traffic? Am I missing anything else?
If not, I think I need an additional option inside the WAN interface where I can specify certain DHCP server address(es) which should be used inside the automatic DHCP rules.
Thank you in advance.
That would be DHCPv6. Do you need IPv6 on WAN?
Yes. Indeed. The provider (Deutsche Glasfaser) uses DHCPv6 (if my research is correct).
And I need IPv6 on WAN to be able to reach into my network from the outside (via WireGuard).
I received my answer to this problem inside the German part of the forum.
Just for completeness I will try to describe the solution inside this post.
There are two things that are important to note:
1) DHCP traffic is *not* routed inside the internet
2) The protocol uses polling from the client (firewall) to the provider (using a broadcast to detect the server?)
Given the combination of these two points, I think it should be safe to use the rules as is.
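
An added example, not part of any post in this thread: a small check for the concern raised in the question, flagging inbound WAN packets on UDP 546/547 whose source is not on-link. It assumes the provider's server or relay answers from a link-local (fe80::/10) address, and the log format and all addresses below are constructed for illustration.

```python
import ipaddress

# Constructed sample records (not from the thread): iface,proto,src,dst,dport
SAMPLE_LOG = """\
wan,udp,fe80::1,fe80::20c:29ff:fe11:2233,546
wan,udp,2001:db8:dead::53,2001:db8:1::2,546
wan,udp,fe80::1,ff02::1:2,547
wan,udp,2001:db8:beef::7,ff02::1:2,547
wan,tcp,2001:db8:beef::7,2001:db8:1::2,546
lan,udp,2001:db8:1::50,2001:db8:1::2,546
"""

# DHCPv6 client listens on 546, servers/relays on 547 (RFC 8415).
DHCPV6_PORTS = {546, 547}


def classify(line):
    """Return (verdict, reason) for one log record."""
    iface, proto, src, dst, dport = line.strip().split(",")
    if iface != "wan" or proto != "udp" or int(dport) not in DHCPV6_PORTS:
        return ("ignore", "not WAN DHCPv6")
    src_ip = ipaddress.IPv6Address(src)
    dst_ip = ipaddress.IPv6Address(dst)
    # Link-local sources cannot cross a router, so they must be on the WAN segment.
    if not src_ip.is_link_local:
        return ("alert", f"routed source {src_ip}")
    # On-link DHCPv6 goes to a link-local unicast or a multicast address.
    if not (dst_ip.is_link_local or dst_ip.is_multicast):
        return ("alert", f"unexpected destination {dst_ip}")
    return ("ok", "on-link DHCPv6")


def scan(log_text):
    """Return [(line_number, reason)] for every record that needs a look."""
    alerts = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        verdict, reason = classify(line)
        if verdict == "alert":
            alerts.append((number, reason))
    return alerts


if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

An alert here means the packet would not fit an on-link-only rule and is worth investigating; it does not by itself identify the sender as malicious.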