My ISP (Hetzner) recently contacted me to say that the MAC address of a bridged interface was showing up on the main Ethernet interface of a server I have with them, which triggers their monitoring system. So they want me to stop packets with a source MAC of my bridge appearing on the main interface.
If I run tcpdump -i em0 -en -v | egrep -i 'MAC:OF:MY:BRIDGE:IF', I can see packets of the following form get logged:

21:49:17.904141 MAC:OF:MY:BRIDGE:IF > DST:MAC:ADDR, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::d:77ff:fef7:4600 > ff02::1:ff4e:4908: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has IPv6:addr:in:my:prefix
I'd like to filter out those packets from ever leaving the bridge interface and showing up on the main Ethernet interface, but I can't seem to figure out an ipfw rule to do that.
I've tried

deny log ipv6-icmp from any to any out xmit bridge0 icmp6types 135

which I think should catch ICMPv6 neighbor solicitation packets leaving bridge0, but it doesn't seem to trigger.

I don't have any router solicitation daemon running on the host. I'm running out of ideas I can come up with myself now! All help very gratefully received, especially since Hetzner consider this something they can terminate service for, despite the packets showing up very infrequently.
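A small parser for the tcpdump -en output quoted above, added here as an example and not part of the original post: it picks out frames on em0 whose source MAC is the bridge's own MAC (the condition the ISP's monitoring is reacting to) and classifies them, so you can count what is escaping before and after changing the ipfw rules. The bridge MAC, IPv6 addresses and the two log lines are constructed sample data.

```python
"""Scan `tcpdump -i em0 -en -v` output for frames whose source MAC is the
bridge's MAC. Added example; MAC/IPv6 values and log lines are constructed."""
import re
from collections import Counter

# Constructed sample: the bridge MAC and two log lines (one leak, one normal).
BRIDGE_MAC = "02:00:00:aa:bb:cc"
SAMPLE_LOG = """\
21:49:17.904141 02:00:00:aa:bb:cc > 33:33:ff:4e:49:08, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::d:77ff:fef7:4600 > ff02::1:ff4e:4908: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2001:db8::1
21:49:18.000001 00:16:3e:11:22:33 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto ICMP (1), length 84) 203.0.113.5 > 198.51.100.1: ICMP echo request, id 1, seq 1, length 64
"""

# Layout of a `tcpdump -en` line: timestamp, src MAC > dst MAC, ethertype name (hex code), ...
FRAME_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9a-f:]{17})\s+>\s+(?P<dst>[0-9a-f:]{17}),"
    r"\s+ethertype\s+(?P<etype>\S+)\s+\((?P<ecode>0x[0-9a-f]{4})\)", re.I)
# Only present on ICMPv6 NS/NA lines; captures the target address being resolved.
NS_RE = re.compile(r"ICMP6, (?P<kind>neighbor (?:solicitation|advertisement)).*?"
                   r"(?:who has|tgt is) (?P<target>[0-9a-f:.]+)", re.I)

def parse_frame(line):
    """Return a dict for one tcpdump -en line, or None if it is not a frame line."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "src": m["src"].lower(), "dst": m["dst"].lower(),
           "ethertype": m["etype"], "kind": None, "ns_target": None}
    ns = NS_RE.search(line)
    if ns:
        rec["kind"], rec["ns_target"] = ns["kind"].lower(), ns["target"]
    return rec

def find_leaks(log_text, bridge_mac):
    """Frames whose source MAC is the bridge's MAC: these should never appear on em0."""
    bridge_mac = bridge_mac.lower()
    return [r for r in map(parse_frame, log_text.splitlines())
            if r and r["src"] == bridge_mac]

def summarize(leaks):
    """Count leaked frames by (ethertype, ICMPv6 kind) to see what is escaping."""
    return Counter((r["ethertype"], r["kind"]) for r in leaks)

if __name__ == "__main__":
    leaks = find_leaks(SAMPLE_LOG, BRIDGE_MAC)
    for r in leaks:
        print(f"{r['ts']} leak: {r['src']} -> {r['dst']} {r['ethertype']} "
              f"{r['kind'] or ''} target={r['ns_target']}")
    print(summarize(leaks))
```

On the real host, pipe the live capture in with `tcpdump -i em0 -en -v -l | python3 thisscript.py` after replacing the sample text with sys.stdin.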