gluon-ebtables-filter-multicast: drop icmpv6 type 128 & 139, drop icmp

in a layer 2 mesh network, multicast pings cause a lot of traffic in the network, significantly increasing the 'backgroudn noise' (= Grundrauschen) and stressing nodes in the network. this commit blacklists all icmpv4 multicast traffic as well as multicast icmpv6 echo-requests and node iformation queries. as no application depending on these types of multicast traffic is known, blacklisting is safe.

gluon-ebtables-filter-multicast: drop icmpv6 type 128 & 139, drop icmp
bc15b6c8 · Leo Krueger · ohrensessel · a6a281f5 · a6a281f5 · bc15b6c8
Commit bc15b6c8 authored 9 years ago by Leo Krueger Committed by ohrensessel 9 years ago
--- a/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
+++ b/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
-rule 'MULTICAST_OUT -p IPv4 --ip-protocol icmp -j RETURN'
--- a/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6
+++ b/package/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6
-rule 'MULTICAST_OUT -p IPv6 --ip6-protocol 0 -j RETURN' -- hop-by-hop
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type echo-request -j DROP'
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type 139 -j DROP'
 rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp -j RETURN'
+
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol 0 -j RETURN' -- hop-by-hop