Browse Source

disable nftables logging until we can make logging sane

Casey DeLorme 9 months ago
parent
commit
46d8415c3e
1 changed files with 5 additions and 4 deletions
  1. 5 4
      install/etc/nftables.conf

+ 5 - 4
install/etc/nftables.conf

@@ -34,9 +34,9 @@ table inet firewall {
         meta protocol vmap { ip: jump inbound_ipv4, ip6: jump inbound_ipv6 }
 
         # silence some noisy crap
-        meta pkttype broadcast counter drop comment "silently drop unsollicited broadcast"
-        meta pkttype multicast counter drop comment "silently drop unsollicited multicast"
-        ip daddr 255.255.255.255/32 counter drop comment "really drop unsollicited IPv4 broadcast"
+        #meta pkttype broadcast counter drop comment "silently drop unsollicited broadcast"
+        #meta pkttype multicast counter drop comment "silently drop unsollicited multicast"
+        #ip daddr 255.255.255.255/32 counter drop comment "really drop unsollicited IPv4 broadcast"
 
         # allow http and https traffic
         tcp dport { 80, 443 } accept
@@ -45,7 +45,8 @@ table inet firewall {
         tcp dport ssh ct state new limit rate 4/minute accept
 
         # log all denied traffic (including ssh)
-        log prefix "[nftables] Inbound Denied: " counter drop
+        # @note: disabled until I can find a way to silence wrong DST traffic
+        #log prefix "[nftables] Inbound Denied: " counter drop
     }
 
     # do not act as a router; drop all forward requests