This is why I wrote DHCP Protect. DHCP Protect works with the userspace API of Netfilter (iptables/ip6tables) and will treat each DHCP(v4/v6) packet and decide if it should be forwarded or not.
Don’t worry, iptables can be configured in a way that if the program is not working, it will ACCEPT the packets by default.
In case anyone is not familiar with userspace filters, here is a good overview of how nftables works: https://www.slideshare.net/azilian/nftables-the-evolution-of-linux-firewall (I found something even better a few years ago, but I lost the link...)
There are no packages available, but don’t be scared, it’s really simple to install and it will do all the systemd stuff for you! After make install it will already be running (you can also make uninstall which will delete everything and remove it from systemd).
Your Gitea instance doesn't seem to like this link when accessed from a web browser. This works better: https://git.home.spale.com/public/dhcp_protect Perhaps you should even put the project on a public collaboration platform to allow for easy pull/merge requests. ;)
Anyway, thanks for sharing!