
add rules to not log broadcast packets

Casey DeLorme 9 months ago
parent
commit
0eb96cd330
1 changed files with 7 additions and 0 deletions
  1. 7 0
      install/etc/nftables.conf

+ 7 - 0
install/etc/nftables.conf

@@ -1,5 +1,7 @@
 flush ruleset
 flush ruleset
 
 
+# @link: https://fishilico.github.io/generic-config/etc/nftables-server.conf.raw.html
+
 table inet firewall {
 table inet firewall {
 
 
     # allow all outbound traffic
     # allow all outbound traffic
@@ -31,6 +33,11 @@ table inet firewall {
         # Jump to chain according to layer 3 protocol using a verdict map
         # Jump to chain according to layer 3 protocol using a verdict map
         meta protocol vmap { ip: jump inbound_ipv4, ip6: jump inbound_ipv6 }
         meta protocol vmap { ip: jump inbound_ipv4, ip6: jump inbound_ipv6 }
 
 
+        # silence some noisy crap
+        meta pkttype broadcast counter drop comment "silently drop unsollicited broadcast"
+        meta pkttype multicast counter drop comment "silently drop unsollicited multicast"
+        ip daddr 255.255.255.255/32 counter drop comment "really drop unsollicited IPv4 broadcast"
+
         # allow http and https traffic
         # allow http and https traffic
         tcp dport { 80, 443 } accept
         tcp dport { 80, 443 } accept