On Saturday, 2023-04-29 at 11:57 +0200, Carlos E. R. wrote:

Thinking aloud again, maybe I find what is going on while I write.

I see this entry in my firewall log, repeatedly:

<0.4> 2023-04-29T12:07:15.296265+02:00 Isengard kernel - - - [1253972.924118][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=...:49:01:86:dd SRC=fd81:...:4901 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=155 TC=0 HOPLIMIT=255 FLOWLBL=503569 PROTO=UDP SPT=5353 DPT=5353 LEN=115
<0.4> 2023-04-29T11:40:31.021724+02:00 Isengard kernel - - - [1252368.627743][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=33:...:5a:bd:86:dd SRC=2a02:...:5abd DST=ff02:...:00fb LEN=105 TC=0 HOPLIMIT=255 FLOWLBL=44733 PROTO=UDP SPT=5353 DPT=5353 LEN=65

That is mdns, aka Multicast DNS (mDNS). It is open in the intranet for IPv4, but it seems some machine prefers IPv6.

One comes from 2a02:..., which is my prefix. The one that changes, so I cannot write that in the firewall rules.

cer@Isengard:~/Pictures> ip neigh
192.168.1.129 dev eth0 lladdr ...:5f STALE
192.168.2.18 dev eth0 lladdr ...:01 STALE
192.168.1.14 dev eth0 lladdr ...:bd REACHABLE
192.168.1.1 dev eth0 lladdr ...:d4 REACHABLE
192.168.1.7 dev eth0 lladdr ...:3c STALE
fe80::...:5abd dev eth0 lladdr ...5a:bd STALE
fe80::...:80d4 dev eth0 lladdr ...:d4 router STALE
fe80::...:ced2 dev eth0 lladdr ...:49 STALE
2a02:...:298b dev eth0 lladdr ...:49 STALE
2a02:...:5abd dev eth0 lladdr ...:5a:bd STALE <===

The 5abd part matches the src. It is Telcontar, this desktop machine. Compare the long string... Yes, it is this one:

inet6 2a02:...:5abd/64 scope global dynamic mngtmpaddr

On the second firewall entry pasted above. The MAC matches partially the "link/ether" string as printed by "ip addr":

MAC=...:a1:5a:bd:86:dd
link/ether ...:a1:5a:bd brd ff:ff:ff:ff:ff:ff

The other log entry

<0.4> 2023-04-29T12:07:15.296265+02:00 Isengard kernel - - - [1253972.924118][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=...:49:01:86:dd SRC=fd81:...:4901 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=155 TC=0 HOPLIMIT=255 FLOWLBL=503569 PROTO=UDP SPT=5353 DPT=5353 LEN=115

That's Beta laptop.

Beta:~ # ip addr | grep fd81 | grep 4901
inet6 fd81:...:4901/64 scope global mngtmpaddr noprefixroute
Beta:~ #

Well, it is a nightmare to find out what machine in the network has a certain IPv6 address. Because it is not only one, it is a bunch of them! And they change! In my case, both the prefix and the suffix.

I do not see how to allow them in the firewall. Or silence them (just them).

Would it be bad, in my case, to open "mDNS" both for IPv4 and IPv6, considering the router firewall doesn't work?

-- 
Cheers,
Carlos E. R.
(from openSUSE 15.4 x86_64 at Telcontar)
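
Added example, not part of the original message: the MAC= field in a netfilter LOG line is the raw Ethernet header (6 bytes destination, 6 bytes source, 2 bytes EtherType, 86:dd for IPv6), which is why it only partially matches "link/ether". The sketch below pulls out the source MAC and lists every "ip neigh" address sharing it, so a sender can be identified even when its IPv6 addresses change. All addresses and MACs are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed samples: documentation prefixes and made-up MACs, not the poster's data.
LOG_LINE = (
    "FINAL_REJECT: IN=eth0 OUT= MAC=33:33:00:00:00:fb:02:00:5e:a1:5a:bd:86:dd "
    "SRC=2001:0db8:0000:0001:0000:5eff:fea1:5abd "
    "DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=105 TC=0 HOPLIMIT=255 "
    "FLOWLBL=44733 PROTO=UDP SPT=5353 DPT=5353 LEN=65"
)
IP_NEIGH = """\
192.0.2.14 dev eth0 lladdr 02:00:5e:a1:5a:bd REACHABLE
192.0.2.1 dev eth0 lladdr 02:00:5e:00:80:d4 REACHABLE
192.0.2.99 dev eth0 FAILED
fe80::5eff:fea1:5abd dev eth0 lladdr 02:00:5e:a1:5a:bd STALE
fe80::5eff:fe00:80d4 dev eth0 lladdr 02:00:5e:00:80:d4 router STALE
2001:db8:0:1:0:5eff:fea1:5abd dev eth0 lladdr 02:00:5e:a1:5a:bd STALE
"""

def parse_reject(line):
    """Decode one netfilter LOG line; MAC= is the raw 14-byte Ethernet header."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    octets = fields["MAC"].lower().split(":")
    if len(octets) != 14:
        raise ValueError("MAC= is not a 14-byte Ethernet header")
    return {
        "dst_mac": ":".join(octets[:6]),      # multicast group MAC
        "src_mac": ":".join(octets[6:12]),    # the sending machine's NIC
        "ethertype": "".join(octets[12:]),    # 86dd = IPv6
        "src": fields["SRC"],
        "dst": fields["DST"],
        "dpt": int(fields["DPT"]),
    }

def addresses_by_mac(ip_neigh_output):
    """Group every neighbour address (IPv4 and IPv6) under its link-layer address."""
    table = {}
    for row in ip_neigh_output.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", row)
        if m:  # FAILED/INCOMPLETE rows carry no lladdr and are skipped
            table.setdefault(m.group(2).lower(), []).append(m.group(1))
    return table

def who_sent(line, ip_neigh_output):
    """Return (source MAC, all known addresses of that MAC) for a rejected packet."""
    pkt = parse_reject(line)
    return pkt["src_mac"], addresses_by_mac(ip_neigh_output).get(pkt["src_mac"], [])
```

Calling who_sent(LOG_LINE, IP_NEIGH) returns the sender's MAC together with its IPv4 neighbour entry, which is usually the quickest way to put a name on the machine.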