Current workaround:
Create the file /etc/nftables/fritzbox.nft with this content:
Code:
#!/usr/sbin/nft -f
# see https://pablo.tools/blog/computers/dropped-packets/
# if you still get packets with eth.type == 0x8899 disable loop prevention in your switch (e.g. TL-SG105E)
table netdev filter {
    chain ingress {
        type filter hook ingress device eno1 priority 0; policy accept;
    }
}
# flush chain to avoid duplicated rules if service is started multiple times
flush chain netdev filter ingress
add rule netdev filter ingress meta protocol {0x8912, 0x88e1} drop
and a systemd service /etc/systemd/system/drop_fritzbox_homeplug_packets.service with this content:
Code:
[Unit]
Description=drop packets with protocol 0x8912, 0x88e1 from avm fritzbox
Requires=multi-user.target
After=multi-user.target
[Service]
Type=simple
ExecStart=/usr/sbin/nft -f /etc/nftables/fritzbox.nft
Restart=no
[Install]
WantedBy=multi-user.target
Depending on how fast the system starts up and when the first packets arrive, I have zero to a few dropped packets.
If someone has a better solution for this problem, feel free to add an answer.