Apparently dhcpd uses raw sockets to maximize its robustness and reliability in dealing with DHCP. Also, it uses as a fallback a UDP socket, and it was the packets to this fallback that iptables was dropping.
So, if your DHCP server operates on the same machine as your firewall, don't expect your firewall to stop traffic to it.
Looks like it is not a bug with ufw or iptables.
Per Mark Andrews of isc.org:
"DHCP uses packet filters and these tie into the IP stack before the firewall."
A different topic, but the explanation is also relevant here:
https://lists.isc.org/pipermail/dhcp-users/2010-January/010723.html