five of the above line every minute in my recently installed gateway. < -A INPUT -p udp -i tunl0 --sport 5678 -j DROP >. Well, there is no need to do that really.  Those packets are not dangerous, they sometimes may be even useful. This is a router discovery protocol that will inform you about manufacturer, version number of software, router name etc of the device sending it. When you have a device that supports it (sends it), you will also have some overview table in the user interface there which shows the decoded info received in the last 2 minutes or so. At first I also disabled this everywhere I saw it, and I am still not sending it on IPIP tunnels (where it actually is a bit troublesome for some cases because every minute such a packets would go out on all 500 tunnels at the same time and would result in a traffic burst that may overflow some queues somewhere and would result in packet loss of other usage). But on the VPN links that we use with our new style connections, I now keep it enabled.   It provides a nice overview about who is connected and what software they are running, and I occasionally mail people that never upgrade their software to urge them to do so. As the mechanism for enabling/disabling these broadcasts has changed a little in the recent past in MikroTik firmware, and people not always update their software, some people that run an older YO2LOJ (Marius) script version may unknowingly be sending these things. But they are not dangerous and should not cause any noticable traffic volume. Rob