ignore router multicast packets on LAN

Asif Bacchus 2020-01-14 06:39:02 +00:00
parent d9aef817a6
commit aaab4e5eff


@ -3,10 +3,13 @@ failregex = .*\[UFW BLOCK\] IN=.* SRC=<HOST>
# ignore common multicast device discovery calls on LOCAL IPv4/IPv6 networks
# still ban non-local (WAN) calls to any associated ports
ignoreregex = SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|fe\w*\:).* PROTO=UDP.* DPT=(1900|3702|5353|5355) LEN=\d*\s\s$
ignoreregex = SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.).* DST=224\.0\.0.* DF PROTO=2\s+$
SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|fe\w*\:).* DST=.* PROTO=UDP.* DPT=(1900|3702|5353|5355) LEN=\d*\s+$
# NOTES:
# Routers will often send packets to the multicast broadcast address (224.0.0.1)
# looking for multicast devices, this is safe to ignore on the LAN
# IPv6 link local is fe80::/10 (fe80::-febf:ffff...ffff), so only 'fe' will
# always match
# IPv4 private ranges are: