docs: add package/gluon-ebtables-limit-arp
based on package documentation, authored by T_X
84a6f65f02/package/gluon-ebtables-limit-arp/Makefile (L18-L39)
fixes #1383
			
			
parent 1531571a7e
commit 3459bb52e9
				| @ -58,6 +58,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre | ||||
|    package/gluon-config-mode-domain-select | ||||
|    package/gluon-ebtables-filter-multicast | ||||
|    package/gluon-ebtables-filter-ra-dhcp | ||||
|    package/gluon-ebtables-limit-arp | ||||
|    package/gluon-ebtables-source-filter | ||||
|    package/gluon-radv-filterd | ||||
|    package/gluon-web-admin | ||||
|  | ||||
							
								
								
									
docs/package/gluon-ebtables-limit-arp.rst (Normal file, 23 lines)
									
								
							| @ -0,0 +1,23 @@ | ||||
| gluon-ebtables-limit-arp | ||||
| ======================== | ||||
| 
 | ||||
| The *gluon-ebtables-limit-arp* package adds filters to limit the  | ||||
| amount of ARP requests client devices are allowed to send into the  | ||||
| mesh.  | ||||
| 
 | ||||
| The limits per client device, identified by its MAC address, are | ||||
| 6 packets per minute and 1 per second per node in total.  | ||||
| A burst of up to 50 ARP requests is allowed until the rate-limiting | ||||
| takes effect (see ``--limit-burst`` in ``ebtables(8)``). | ||||
| 
 | ||||
| Furthermore, ARP requests for a target IP already present in the | ||||
| batman-adv DAT cache are excluded from rate-limiting, in regard  | ||||
| to both counting and filtering, as batman-adv will be able | ||||
| to respond locally without a burden for the mesh. Therefore, this | ||||
| limiter should not affect popular target IP addresses, like those | ||||
| of gateways or nameservers. | ||||
| 
 | ||||
| However it mitigates the impact on the mesh when a larger range of | ||||
| its IPv4 subnet is being scanned, which would otherwise result in | ||||
| a significant amount of ARP chatter, even for unused IP addresses. | ||||
| 
 | ||||
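Review bot: The limits sentence ("6 packets per minute and 1 per second per node in total") reads as though both figures were per-client limits, and it does not say which of the two the 50-request burst applies to. Suggest splitting it into two statements, one for the per-client limit keyed on the MAC address and one for the per-node total, and stating for each whether the ``--limit-burst`` allowance applies and what happens to ARP requests over the limit (the text only implies they are filtered). In the last paragraph, "However it mitigates" wants a comma after "However".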