I'm using ufw, the "uncomplicated firewall", and have a fairly standard setup where everything except incoming port 22 (ssh) gets denied. However, my syslog gets filled up with tons of junk like this:
[UFW BLOCK INPUT]: IN=eth0 OUT= MAC=[scrubbed] SRC=[scrubbed] DST=255.255.255.255 LEN=207 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=187
which I believe are broadcast packets from CUPS printers on the network, etc. I would like to keep ufw logging enabled, but would like these events to stop appearing in the log. One simple solution is to just allow all packets destined to 255.255.255.255 (i.e. those destined to the standard limited broadcast address) which can be accomplished with
sudo ufw allow to 255.255.255.255
Is there any danger in allowing all incoming broadcast packets?
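
An added example, not part of the original post: a short Python script that tallies UFW BLOCK log lines by protocol and destination port, separating those a rule for 255.255.255.255 would match from those it would leave in the log. The sample log lines are constructed (documentation addresses, hypothetical host name) and the function names are illustrative.

```python
import re
from collections import Counter

LIMITED_BROADCAST = "255.255.255.255"
# Matches both "[UFW BLOCK INPUT]:" (as in the post) and a plain "[UFW BLOCK]".
BLOCK_RE = re.compile(r"\[UFW BLOCK[^\]]*\]:?\s*(.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample input; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
Jan  1 10:00:01 host kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=[scrubbed] SRC=192.0.2.10 DST=255.255.255.255 LEN=207 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=187
Jan  1 10:00:31 host kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=[scrubbed] SRC=192.0.2.11 DST=255.255.255.255 LEN=207 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=187
Jan  1 10:01:02 host kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=[scrubbed] SRC=192.0.2.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan  1 10:01:40 host kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=[scrubbed] SRC=192.0.2.12 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan  1 10:02:05 host kernel: [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=[scrubbed] SRC=192.0.2.13 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 SYN
Jan  1 10:02:09 host sshd[1234]: Accepted publickey for user from 192.0.2.30 port 50000
"""

def parse_block_line(line):
    """Return the key=value fields of a UFW BLOCK line, or None for any other line."""
    m = BLOCK_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group(1)):
        fields.setdefault(key, value)  # LEN appears twice; keep the first (IP-level) one
    return fields

def summarize(log_text):
    """Count blocked packets per (PROTO, DPT): those sent to 255.255.255.255 vs. the rest."""
    matched, other = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_block_line(line)
        if fields is None:
            continue
        key = (fields.get("PROTO", "?"), fields.get("DPT", "-"))
        if fields.get("DST") == LIMITED_BROADCAST:
            matched[key] += 1
        else:
            other[key] += 1
    return matched, other

if __name__ == "__main__":
    matched, other = summarize(SAMPLE_LOG)
    for title, counts in (("to 255.255.255.255", matched), ("other blocked", other)):
        print(title)
        for (proto, dport), n in counts.most_common():
            print(f"  {proto}/{dport}: {n}")
```

The first group lists every service port that a blanket rule for 255.255.255.255 would open; the second shows entries, such as subnet-directed broadcasts, that would still be logged.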