DHCP on WAN and automatically generated rules

Started by MenschAergereDichNicht, November 12, 2021, 04:14:23 PM

Hi,

As the title suggests, I need help regarding the automatically generated rules for DHCP on WAN.

There are some inbound UDP rules for port 547 and 546 which let UDP traffic from WAN enter the system.
How am I supposed to protect my network against malicious content from a WAN source that is *not* the provider DHCP server? Is the provider supposed to block such traffic? Am I missing anything else?

If not, I think I need an additional option inside the WAN interface where I can specify certain DHCP server address(es) which should be used inside the automatic DHCP rules.


Thank you in advance.






That would be DHCPv6. Do you need IPv6 on WAN?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

November 12, 2021, 04:37:08 PM #2 Last Edit: November 12, 2021, 04:53:47 PM by MenschAergereDichNicht
Yes. Indeed. The provider (Deutsche Glasfaser) uses DHCPv6 (if my research is correct).
And I need IPv6 on WAN to be able to reach into my network from the outside (via Wireguard).

I received my answer to this problem inside the German part of the forum.

Just for completeness, I will try to describe the solution inside this post.

There are two things that are important to note:

1) DHCP traffic is *not* routed inside the internet
2) The protocol uses polling from the client (firewall) to the provider (using a broadcast to detect the server?)

Given the combination of these two points, I think it should be safe to use the rules as is.
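
One way to check the "not routed" point from the last post against observed WAN traffic, as an added example that is not part of the thread: it assumes DHCPv6 exchanges on the WAN link use link-local (fe80::/10) source addresses and flags any UDP 546/547 packet whose source lies outside that range. The packet tuples and function names are constructed for illustration.

```python
import ipaddress

DHCPV6_PORTS = {546, 547}  # client and server ports named in the thread
LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # assumption: on-link DHCPv6 uses these sources

# Constructed sample records, not real firewall output:
# (source address, protocol, destination port) of inbound WAN packets.
SAMPLE_PACKETS = [
    ("fe80::1%igb0", "udp", 546),    # on-link reply to the DHCPv6 client
    ("2001:db8::53", "udp", 546),    # routed global source aimed at the client port
    ("fe80::a:b", "udp", 547),
    ("2001:db8::99", "udp", 547),
    ("2001:db8::99", "tcp", 443),    # unrelated traffic, not judged here
    ("not-an-address", "udp", 546),  # malformed record
]


def classify(src, proto, dport):
    """Return 'ignore', 'expected' or 'suspicious' for one inbound packet."""
    if proto.lower() != "udp" or dport not in DHCPV6_PORTS:
        return "ignore"
    try:
        # Drop an interface scope such as %igb0 before parsing.
        addr = ipaddress.ip_address(src.split("%")[0])
    except ValueError:
        return "suspicious"  # an unparsable source is worth a look
    if addr.version == 6 and addr in LINK_LOCAL:
        return "expected"
    return "suspicious"


def suspicious_sources(packets):
    """Sorted, de-duplicated sources of DHCPv6-port packets that are not link-local."""
    return sorted({src for src, proto, dport in packets
                   if classify(src, proto, dport) == "suspicious"})


if __name__ == "__main__":
    for src in suspicious_sources(SAMPLE_PACKETS):
        print("non-link-local source on DHCPv6 port:", src)
```
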