Author Topic: DHCP on WAN and automatically generated rules (Read 1501 times)

MenschAergereDichNicht · « **on:** November 12, 2021, 04:14:23 pm »

Hi,

as the title suggests i need help regarding the automatically generated rules for DHCP on WAN.

There are some inbound UDP rules for port 547 and 546 which let UDP traffic from WAN enter the system.
How am i supposed to protect my network against malicious content from a WAN source that is *not* the provider DHCP server? Is the provider supposed to block such traffic? Do i miss anything else?

If not, i think i need an additional option inside the WAN interface where i can specify certain DHCP server address(es) which should be used inside the automatic DHCP rules.

Thank you in advance.

chemlud · « **Reply #1 on:** November 12, 2021, 04:33:26 pm »

That would be DHCPv6. Do you need IPv6 on WAN?

MenschAergereDichNicht · « **Reply #2 on:** November 12, 2021, 04:37:08 pm »

Yes. Indeed. The provider (Deutsche Glasfaser) uses DHCPv6 (if my research is correct).
And i need IPv6 on WAN to be able to reach into my network from the outside (via Wireguard).

MenschAergereDichNicht · « **Reply #3 on:** November 12, 2021, 05:28:18 pm »

I received my answer to this problem inside the German part of the forum.

Just for completness i will try to describe the solution inside this post.

There are two things that are important to note:

1) DHCP traffic is *not* routed inside the internet
2) The protocol uses polling from the client (firewall) to the provider (using a broadcast to detect the server?)

In combination of these two points i think it should be safe using the rules as is.

Author Topic: DHCP on WAN and automatically generated rules (Read 1501 times)

MenschAergereDichNicht

DHCP on WAN and automatically generated rules

chemlud

Re: DHCP on WAN and automatically generated rules

MenschAergereDichNicht

Re: DHCP on WAN and automatically generated rules

MenschAergereDichNicht

Re: DHCP on WAN and automatically generated rules