diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index 8d8e6f1b..8a2aa348 100644
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -150,6 +150,9 @@ It is possible to bind only to a single interface with this variable.
 .Pp
 This option may not work on all platforms.
 
+.It Va Broadcast Li = yes | no Po yes Pc Bq experimental
+When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
+
 .It Va ConnectTo Li = Ar name
 Specifies which other tinc daemon to connect to on startup.
 Multiple
diff --git a/doc/tinc.texi b/doc/tinc.texi
index 4b985dcd..9befcfd6 100644
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@@ -773,6 +773,10 @@ variable.
 
 This option may not work on all platforms.
 
+@cindex Broadcast
+@item Broadcast = <yes | no> (yes) [experimental]
+When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
+
 @cindex ConnectTo
 @item ConnectTo = <@var{name}>
 Specifies which other tinc daemon to connect to on startup.
diff --git a/src/net_setup.c b/src/net_setup.c
index 2301c83a..dfed7e56 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -397,8 +397,8 @@ static bool setup_myself(void) {
 		myself->options |= OPTION_CLAMP_MSS;
 
 	get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
-
 	get_config_bool(lookup_config(config_tree, "DecrementTTL"), &decrement_ttl);
+	get_config_bool(lookup_config(config_tree, "Broadcast"), &broadcast);
 
 #if !defined(SOL_IP) || !defined(IP_TOS)
 	if(priorityinheritance)
diff --git a/src/route.c b/src/route.c
index 9e9f9d04..0b77bd4a 100644
--- a/src/route.c
+++ b/src/route.c
@@ -39,6 +39,7 @@ bool directonly = false;
 bool priorityinheritance = false;
 int macexpire = 600;
 bool overwrite_mac = false;
+bool broadcast = true;
 mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}};
 
 /* Sizes of various headers */
@@ -423,11 +424,11 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet) {
 	if(!checklength(source, packet, ether_size + ip_size))
 		return;
 
-	if(((packet->data[30] & 0xf0) == 0xe0) || (
+	if(broadcast && (((packet->data[30] & 0xf0) == 0xe0) || (
 			packet->data[30] == 255 &&
 			packet->data[31] == 255 &&
 			packet->data[32] == 255 &&
-			packet->data[33] == 255))
+			packet->data[33] == 255)))
 		broadcast_packet(source, packet);
 	else
 		route_ipv4_unicast(source, packet);
@@ -715,7 +716,7 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) {
 		return;
 	}
 
-	if(packet->data[38] == 255)
+	if(broadcast && packet->data[38] == 255)
 		broadcast_packet(source, packet);
 	else
 		route_ipv6_unicast(source, packet);
@@ -805,7 +806,8 @@ static void route_mac(node_t *source, vpn_packet_t *packet) {
 	subnet = lookup_subnet_mac(NULL, &dest);
 
 	if(!subnet) {
-		broadcast_packet(source, packet);
+		if(broadcast)
+			broadcast_packet(source, packet);
 		return;
 	}
 
diff --git a/src/route.h b/src/route.h
index 3585cef4..c1481fa3 100644
--- a/src/route.h
+++ b/src/route.h
@@ -41,6 +41,7 @@ extern fmode_t forwarding_mode;
 extern bool decrement_ttl;
 extern bool directonly;
 extern bool overwrite_mac;
+extern bool broadcast;
 extern bool priorityinheritance;
 extern int macexpire;