[CentOS] C7: NM and changing MAC addresses

Mon Oct 11 09:55:42 UTC 2021
Tom Yates <madhatter at teaparty.net>

i need a way to stop anything from changing my external MAC address, as my 
ISP is extremely sensitive to additional MAC addresses appearing on my 
external NIC.

i have done

sudo nmcli conn mod eno1 802-3-ethernet.cloned-mac-address permanent

and it's improved matters, but here's an example of it going wrong even 
so, from "tcpdump -n -n -e -i eno1 src 185.219.108.121" (which is my ipv4):

10:23:58.210653 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 114: 185.219.108.121.53002 > 198.252.206.25.443: Flags [P.], seq 2018:2066, ack 5333, win 501, options [nop,nop,TS val 4035938817 ecr 1709670339], length 48
10:23:58.405154 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 66: 185.219.108.121.44534 > 216.58.212.234.443: Flags [.], ack 21641, win 501, options [nop,nop,TS val 805137946 ecr 1062125308], length 0
10:23:58.447030 ac:1f:6b:6c:58:2d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 185.219.108.1 tell 185.219.108.121, length 46
10:23:58.447466 ac:1f:6b:6c:58:2d > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 342: 185.219.108.121.68 > 185.219.108.1.67: BOOTP/DHCP, Request from ac:1f:6b:6c:58:2d, length 300
10:23:58.629131 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 98: 185.219.108.121 > 8.8.8.8: ICMP echo request, id 105, seq 67, length 64

note the first two frames coming from ac:1f:6b:6c:5a:6e, the real MAC 
address, which has been happily all over the headers of the previous 
several thousand frames, but then two frames from ac:1f:6b:6c:58:2d, which 
*utterly* screw up my connection to my ISP.  the old MAC address continues 
to be on some of the outgoing traffic.

i have some grounds for thinking that the first or second frame with the 
"bad" MAC address is always a BOOTP/DHCP frame, so i'm open to the idea 
that this is dhclient being "helpful", rather than NM.

does anyone have any idea which daemon or service is responsible for this 
MAC-rebadging, and/or how i might stop it?


-- 

       Tom Yates  -  https://www.teaparty.net