i need a way to stop anything from changing my external MAC address, as my ISP is extremely sensitive to additional MAC addresses appearing on my external NIC.
i have done
sudo nmcli conn mod eno1 802-3-ethernet.cloned-mac-address permanent
and it's improved matters, but here's an example of it going wrong even so, from "tcpdump -n -n -e -i eno1 src 185.219.108.121" (which is my ipv4):
10:23:58.210653 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 114: 185.219.108.121.53002 > 198.252.206.25.443: Flags [P.], seq 2018:2066, ack 5333, win 501, options [nop,nop,TS val 4035938817 ecr 1709670339], length 48 10:23:58.405154 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 66: 185.219.108.121.44534 > 216.58.212.234.443: Flags [.], ack 21641, win 501, options [nop,nop,TS val 805137946 ecr 1062125308], length 0 10:23:58.447030 ac:1f:6b:6c:58:2d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 185.219.108.1 tell 185.219.108.121, length 46 10:23:58.447466 ac:1f:6b:6c:58:2d > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 342: 185.219.108.121.68 > 185.219.108.1.67: BOOTP/DHCP, Request from ac:1f:6b:6c:58:2d, length 300 10:23:58.629131 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 98: 185.219.108.121 > 8.8.8.8: ICMP echo request, id 105, seq 67, length 64
note the first two frames coming from ac:1f:6b:6c:5a:6e, the real MAC address, which has been happily all over the headers of the previous several thousand frames, but then two frames from ac:1f:6b:6c:58:2d, which *utterly* screw up my connection to my ISP. the old MAC address continues to be on some of the outgoing traffic.
i have some grounds for thinking that the first or second frame with the "bad" mac address is always a BOOTP/DHCP frame, so i'm open to the idea that this is dhclient being "helpful", rather than NM.
does anyone have any idea which daemon or service is responsible for this MAC-rebadging, and/or how i might stop it?