docs: add package/gluon-ebtables-limit-arp (#1386)

based on package documentation, authored by T_X 
84a6f65f02/package/gluon-ebtables-limit-arp/Makefile (L18-L39)

fixes #1383

docs/index.rst

@@ -58,6 +58,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    package/gluon-config-mode-domain-select
    package/gluon-ebtables-filter-multicast
    package/gluon-ebtables-filter-ra-dhcp
+   package/gluon-ebtables-limit-arp
    package/gluon-ebtables-source-filter
    package/gluon-radv-filterd
    package/gluon-web-admin

docs/package/gluon-ebtables-limit-arp.rst

@@ -0,0 +1,23 @@
+gluon-ebtables-limit-arp
+========================
+
+The *gluon-ebtables-limit-arp* package adds filters to limit the 
+amount of ARP requests client devices are allowed to send into the 
+mesh. 
+
+The limits per client device, identified by its MAC address, are
+6 packets per minute and 1 per second per node in total. 
+A burst of up to 50 ARP requests is allowed until the rate-limiting
+takes effect (see ``--limit-burst`` in ``ebtables(8)``).
+
+Furthermore, ARP requests for a target IP already present in the
+batman-adv DAT cache are excluded from rate-limiting, in regard 
+to both counting and filtering, as batman-adv will be able
+to respond locally without a burden for the mesh. Therefore, this
+limiter should not affect popular target IP addresses, like those
+of gateways or nameservers.
+
+However it mitigates the impact on the mesh when a larger range of
+its IPv4 subnet is being scanned, which would otherwise result in
+a significant amount of ARP chatter, even for unused IP addresses.
+