
add rules to not log broadcast packets

Casey DeLorme 9 月之前
父節點
當前提交
0eb96cd330
共有 1 個文件被更改,包括 7 次插入0 次删除
  1. 7 0
      install/etc/nftables.conf

+ 7 - 0
install/etc/nftables.conf

@@ -1,5 +1,7 @@
 flush ruleset
 
+# @link: https://fishilico.github.io/generic-config/etc/nftables-server.conf.raw.html
+
 table inet firewall {
 
     # allow all outbound traffic
@@ -31,6 +33,11 @@ table inet firewall {
         # Jump to chain according to layer 3 protocol using a verdict map
         meta protocol vmap { ip: jump inbound_ipv4, ip6: jump inbound_ipv6 }
 
+        # silence some noisy crap
+        meta pkttype broadcast counter drop comment "silently drop unsollicited broadcast"
+        meta pkttype multicast counter drop comment "silently drop unsollicited multicast"
+        ip daddr 255.255.255.255/32 counter drop comment "really drop unsollicited IPv4 broadcast"
+
         # allow http and https traffic
         tcp dport { 80, 443 } accept