Home Esplora Aiuto
Registrati Accedi
FreifunkHochstift
/
gluon
6
0
Forka 0
File Problemi 0 Pull Requests 0
Sfoglia il codice sorgente

gluon-ebtables-filter-multicast: drop icmpv6 type 128 & 139, drop icmp

in a layer 2 mesh network, multicast pings cause a lot of traffic in the
network, significantly increasing the 'backgroudn noise' (= Grundrauschen)
and stressing nodes in the network.

this commit blacklists all icmpv4 multicast traffic as well as multicast
icmpv6 echo-requests and node iformation queries. as no application
depending on these types of multicast traffic is known, blacklisting is safe.
Leo Krueger 8 anni fa
parent
a6a281f545
commit
bc15b6c810
2 ha cambiato i file con 4 aggiunte e 2 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 0 1
      package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
  2. 4 1
      package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6

+ 0 - 1
package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
Vedi File 

@@ -1 +0,0 @@
 
-rule 'MULTICAST_OUT -p IPv4 --ip-protocol icmp -j RETURN'

+ 4 - 1
package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6
Vedi File 

@@ -1,2 +1,5 @@
 
-rule 'MULTICAST_OUT -p IPv6 --ip6-protocol 0 -j RETURN' -- hop-by-hop
 
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type echo-request -j DROP'
 
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 139 -j DROP'
 
 rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp -j RETURN'
 
+
 
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol 0 -j RETURN' -- hop-by-hop