On 2023-04-30 11:42, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-30 08:46, Per Jessen wrote:
It's a dhcp client looking for a dhcp server - what to do with it is up to you, depends on your context.
But thinking aloud, what is best to do with them? And how?
You have to consider the context. Single machine that runs a dhcp server or not?
Only the router should manage dhcp. But in the past I found that I had to open dhcp port on some clients for dhcp assignment to work.
* if you need them, they should obviously be accepted.
I don't know if I need them.
* if you're not sure if you need then, reject but log
It's a lot of noise.
* if you don't need then, drop.
I don't know if I need them, that's the question.
For example, if I accept them, do I add 0.0.0.0/32 or /0? Is it safe?
You just don't specify it, you simply accept broadcast udp traffic on ports 67 and 68. It is a broadcast message, it doesn't travel further than the next router.
I did <rule family="ipv4"> <source address="0.0.0.0/32"/> <service name="dhcp"/> <accept/> </rule> a while ago, and now the log is empty, which is what I wanted.
Accepting them is less resources than writing a log entry, and less noise.
Those are not considerations pertinent to firewalling, not even on a 486dx2.
:-D it is to me :-) (resources are also disk space. I want logs only with important things, entries use *my* time.)
Can dropping them cause an issue for this machine?
I would ask the admin. :-)
The admin doesn't know.
Oh, another strange one. But just one packet.
<0.4> 2023-04-30T01:12:25.061938+02:00 Isengard kernel - - - [1301083.230432][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d0:...:00 SRC=192.168.1.200 DST=255.255.255.255 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=45743 DF PROTO=UDP SPT=26999 DPT=26999 LEN=104
High ports - why even bother with looking at that?
Because it is curious. What on earth is that? It is not part of an ongoing conversation, it is a broadcast.
It's probably just "Tinder for Humax".
MAC Address: D0:FC:D0:4C:D1:6C (Unknown) ^^^^^^^^ That is Humax.
Yes, I said so later in the post.
I was only showing you that the MAC OUI will tell you.
I had forgotten.
How do you find the maker from the MAC?
You take the OUI - the first 3 octets - and do a look up: IEEE OUI - https://standards-oui.ieee.org/
You didn't notice I found them myself, but different site. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)