Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Browse Source

nftables: Drop all broadcast packets before logging

  Drop all broadcast packets after allowing services (including DHCP if needed)
  to avoid logging random broadcasts from clients.

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 2 years ago
parent
9f302065c1
commit
e7bf3f3bbc
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      nftables/nftables.conf.tmpl

+ 1 - 0
nftables/nftables.conf.tmpl
View File 

@@ -49,6 +49,7 @@ table ip filter {
 
 {%- endif %}
 
 		ct state related,established counter accept
 
 		counter jump services
 
+		meta pkttype broadcast counter drop comment "Drop broadcasts before logging"
 
 		limit rate 1/second burst 3 packets counter log prefix "nf input: "
 
 		limit rate 1/second burst 3 packets counter reject with icmp type admin-prohibited
 
 		counter drop