From: Michael Tremer Date: Wed, 5 Mar 2014 13:07:23 +0000 (+0100) Subject: firewall: Filter logging of broadcasts from the internal networks. X-Git-Tag: v2.15-rc1~52^2~2 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=63f2fb7fda9112d9e39414328e5d4fab28809c63 firewall: Filter logging of broadcasts from the internal networks. --- diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index e87952bac6..a67af70564 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -230,6 +230,20 @@ iptables_init() { iptables -t nat -N REDNAT iptables -t nat -A POSTROUTING -j REDNAT + # Filter logging of incoming broadcasts. + iptables -N BROADCAST_FILTER + iptables -A INPUT -j BROADCAST_FILTER + + iptables -A BROADCAST_FILTER -i "${GREEN_DEV}" -d "${GREEN_BROADCAST}" -j DROP + + if [ -n "${BLUE_DEV}" -a -n "${BLUE_BROADCAST}" ]; then + iptables -A BROADCAST_FILTER -i "${BLUE_DEV}" -d "${BLUE_BROADCAST}" -j DROP + fi + + if [ -n "${ORANGE_DEV}" -a -n "${ORANGE_BROADCAST}" ]; then + iptables -A BROADCAST_FILTER -i "${ORANGE_DEV}" -d "${ORANGE_BROADCAST}" -j DROP + fi + # Apply OpenVPN firewall rules /usr/local/bin/openvpnctrl --firewall-rules
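Review bot: The GREEN rule is appended unconditionally while the BLUE and ORANGE rules are guarded, so if `GREEN_BROADCAST` or `GREEN_DEV` is ever empty the call becomes `-d ""` or `-i ""`, which iptables will most likely reject, leaving the chain without that rule; guard it the same way, e.g. `if [ -n "${GREEN_DEV}" ] && [ -n "${GREEN_BROADCAST}" ]; then … fi`. The two existing tests use `-a` inside `[ ]`, which POSIX marks obsolescent; `[ -n "${BLUE_DEV}" ] && [ -n "${BLUE_BROADCAST}" ]` is the unambiguous form. BROADCAST_FILTER is also a terminal `DROP` reached from INPUT, so it discards directed broadcasts rather than only suppressing their log entries, and the comment should say so, for example `# Drop directed broadcasts from internal zones so they never reach the logging rules.` iptables_init starts and ends outside this hunk, so it cannot be confirmed from here whether the jump sits before or after any ACCEPT rules for broadcast-based services on these zones; that ordering is worth checking.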