Hi, I’m working on hardening my router… starting with defconf eliminating open ports, door banging brute force connection requests from the internet, etc.
I have found strange packets being dropped by the end of the input chain, seemingly originating from my own router:
Log: input: in:lo out:(unknown 0), connection-state:new proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328
One request per second. Even shows on the interface:lo activity list.
As far as I understand, the loopback interface is asking for an IP address from the local DHCP server. From which point I do not understand… 
My MT router is connected to a cable modem, ether1 WAN DHCP client works fine. On the router the LAN side DHCP server is turned off.
LAN uses a dedicated rpi4 pi.hole gravity DNS and acting as DHCP server for all clients…
Please help, where to search?
Thx
Peter