Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.

2017-08-09 16:08:52 +02:00 · 2017-08-09 16:08:52 +02:00 · 4beb9019de
parent 5dd7ea7a5d
commit 4beb9019de
3 changed files with 1 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,7 @@
 ### Default Rules
 * Use more sets and vars definitions to avoid multiple rules.
 * Allow outgoing icmp.
+* Remove DHCP incoming packets. The connection is started by the host, don't need incoming rule.

 ## v1.0

--- a/README.md
+++ b/README.md
@ -79,8 +79,6 @@ nft_input_default_rules:
    - ip daddr @blackhole counter drop
  015 localhost:
    - iif lo accept
-  040 dhcp:
-    - udp sport bootps udp dport bootpc limit rate 6/minute accept
  220 ssh:
    - tcp dport ssh ct state new counter accept
 nft_input_group_rules: {}
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -34,8 +34,6 @@ nft_input_default_rules:
    - ip daddr @blackhole counter drop
  015 localhost:
    - iif lo accept
-  040 dhcp:
-    - udp sport bootps udp dport bootpc limit rate 6/minute accept
  220 ssh:
    - tcp dport ssh ct state new counter accept
 nft_input_group_rules: {}