Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
DHCP on WAN and automatically generated rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: DHCP on WAN and automatically generated rules (Read 1500 times)
MenschAergereDichNicht
Full Member
Posts: 108
Karma: 3
DHCP on WAN and automatically generated rules
«
on:
November 12, 2021, 04:14:23 pm »
Hi,
as the title suggests i need help regarding the automatically generated rules for DHCP on WAN.
There are some inbound UDP rules for port 547 and 546 which let UDP traffic from WAN enter the system.
How am i supposed to protect my network against malicious content from a WAN source that is *not* the provider DHCP server? Is the provider supposed to block such traffic? Do i miss anything else?
If not, i think i need an additional option inside the WAN interface where i can specify certain DHCP server address(es) which should be used inside the automatic DHCP rules.
Thank you in advance.
Logged
chemlud
Hero Member
Posts: 2481
Karma: 112
Re: DHCP on WAN and automatically generated rules
«
Reply #1 on:
November 12, 2021, 04:33:26 pm »
That would be DHCPv6. Do you need IPv6 on WAN?
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
MenschAergereDichNicht
Full Member
Posts: 108
Karma: 3
Re: DHCP on WAN and automatically generated rules
«
Reply #2 on:
November 12, 2021, 04:37:08 pm »
Yes. Indeed. The provider (Deutsche Glasfaser) uses DHCPv6 (if my research is correct).
And i need IPv6 on WAN to be able to reach into my network from the outside (via Wireguard).
«
Last Edit: November 12, 2021, 04:53:47 pm by MenschAergereDichNicht
»
Logged
MenschAergereDichNicht
Full Member
Posts: 108
Karma: 3
Re: DHCP on WAN and automatically generated rules
«
Reply #3 on:
November 12, 2021, 05:28:18 pm »
I received my answer to this problem inside the German part of the forum.
Just for completness i will try to describe the solution inside this post.
There are two things that are important to note:
1) DHCP traffic is *not* routed inside the internet
2) The protocol uses polling from the client (firewall) to the provider (using a broadcast to detect the server?)
In combination of these two points i think it should be safe using the rules as is.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
DHCP on WAN and automatically generated rules