From: Michael Tremer
Date: Wed, 5 Mar 2014 13:07:23 +0000 (+0100)
Subject: firewall: Filter logging of broadcasts from the internal networks.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=63f2fb7fda9112d9e39414328e5d4fab28809c63;hp=323923d912cb86fd2e89326aa61bad06bf05d6dd;p=people%2Fteissler%2Fipfire-2.x.git
firewall: Filter logging of broadcasts from the internal networks.
---
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index e87952bac..a67af7056 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -230,6 +230,20 @@ iptables_init() {
 iptables -t nat -N REDNAT
 iptables -t nat -A POSTROUTING -j REDNAT
+ # Filter logging of incoming broadcasts.
+ iptables -N BROADCAST_FILTER
+ iptables -A INPUT -j BROADCAST_FILTER
+
+ iptables -A BROADCAST_FILTER -i "${GREEN_DEV}" -d "${GREEN_BROADCAST}" -j DROP
+
+ if [ -n "${BLUE_DEV}" -a -n "${BLUE_BROADCAST}" ]; then
+ iptables -A BROADCAST_FILTER -i "${BLUE_DEV}" -d "${BLUE_BROADCAST}" -j DROP
+ fi
+
+ if [ -n "${ORANGE_DEV}" -a -n "${ORANGE_BROADCAST}" ]; then
+ iptables -A BROADCAST_FILTER -i "${ORANGE_DEV}" -d "${ORANGE_BROADCAST}" -j DROP
+ fi
+
 # Apply OpenVPN firewall rules
 /usr/local/bin/openvpnctrl --firewall-rules
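Review bot: The GREEN rule is appended unconditionally while the BLUE and ORANGE rules are guarded, so if `GREEN_DEV` or `GREEN_BROADCAST` is empty the `iptables -A BROADCAST_FILTER` call receives empty `-i`/`-d` arguments and will most likely fail, leaving the chain without that rule. Wrapping it in the same guard keeps the three zones consistent, and the obsolescent `-a` test operator can be avoided at the same time: `if [ -n "${GREEN_DEV}" ] && [ -n "${GREEN_BROADCAST}" ]; then`. The chain also ends in `-j DROP` for every protocol rather than only suppressing a log entry, so any INPUT rule appended later that is meant to accept traffic addressed to the subnet broadcast on these interfaces will never be reached; whether such rules exist cannot be told from here, since iptables_init starts and ends outside the hunk. A comment such as `# NOTE: drops (not only un-logs) directed broadcasts on internal zones; rules that must see them have to precede this jump` would record that ordering assumption.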