From 4beb9019de7dfb36914ed3835d1387c7abad01a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?=
Date: Wed, 9 Aug 2017 16:08:52 +0200
Subject: [PATCH] Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
---
 CHANGELOG.md | 1 +
 README.md | 2 --
 defaults/main.yml | 2 --
 3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e1a2d9..9d3733a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ ### Default Rules
 * Use more sets and vars definitions to avoid multiple rules.
 * Allow outgoing icmp.
+* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.
 ## v1.0
diff --git a/README.md b/README.md
index 411f9f8..6fc89f4 100644
--- a/README.md
+++ b/README.md
@@ -79,8 +79,6 @@ nft_input_default_rules:
 - ip daddr @blackhole counter drop
 015 localhost:
 - iif lo accept
- 040 dhcp:
- - udp sport bootps udp dport bootpc limit rate 6/minute accept
 220 ssh:
 - tcp dport ssh ct state new counter accept
 nft_input_group_rules: {}
diff --git a/defaults/main.yml b/defaults/main.yml
index 9e48156..be55b98 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -34,8 +34,6 @@ nft_input_default_rules:
 - ip daddr @blackhole counter drop
 015 localhost:
 - iif lo accept
- 040 dhcp:
- - udp sport bootps udp dport bootpc limit rate 6/minute accept
 220 ssh:
 - tcp dport ssh ct state new counter accept
 nft_input_group_rules: {}