system log shows KERNEL Accept with UDP 67/68?

[chillm8t]

Aug 23 21:39:45 kernel: ACCEPT IN=eth4 OUT= MAC=ff:ff:ff:ff:ff:ff:50:02:a5:ac:e0:19:08:00 SRC=72.31.129.201 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=52887 PROTO=UDP SPT=67 DPT=68 LEN=308 MARK=0x8000000

Eth4 I know is my WAN port. The SRC address tracerts to the next hop outside my network within the ISP network. This looks like bootp udp packets? Is there a way I can block this IP with an iptables entry or drop the packets in some way?

I flashed my router with merlin a RT-AX58u, but this entry was persistent on oem firmware as well, so I'm not sure what to make of it?

 

[chillm8t]

I should also mention, I have an ssh putty connection into the router with root. I know basic linux commands. Not sure if I can just run it via command line or do I need to run a script? Would this work?


iptables -I FORWARD -s 72.31.129.201 -j DROP

update x2 edit: nope, I'm still learning here. I'm not sure what to use for specific ip or do you need the subnet bits as well?

 

[chillm8t]

Actually, using 72.31.129.201/32 worked but that shuts down internet, so I'm guessing this is something to do with bootp / dhcp?

 

[chillm8t]

Actually, using 72.31.129.201/32 worked but that shuts down internet, so I'm guessing this is something to do with bootp / dhcp?

I think I answered my own question. I wasn't aware the bootp server constantly sends broadcast messages every few seconds, and I couldn't figure out why by looking at the rfc.