Re: Static ARP table in Linux

From: Christoph Scheurer (chris_at_rebmatt.ch)
Date: 12/13/03

Next message: Cedric Blancher: "Re: Static ARP table in Linux"

Previous message: Felipe Franciosi: "Re: Static ARP table in Linux"
In reply to: Bill Nash: "Re: Static ARP table in Linux"
Next in thread: Cedric Blancher: "Re: Static ARP table in Linux"
Reply: Cedric Blancher: "Re: Static ARP table in Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-linux@securityfocus.com
Date: 13 Dec 2003 20:25:21 +0100

Am Fre, 2003-12-12 um 21.41 schrieb Bill Nash:

> Well, your 'static arp table' *IS* a cache of known addresses, for all
> intents and purposes. You may have better luck leaving the ARP table alone
> and using some functional equivalent of BSD's ethfw to permit known MAC
> addresses (This is also an excellent way of controlling what oozes across
> your wireless bridges.)

With iptables, it's with the option " -m mac --mac-source
XX.XX:XX:XX:XX:XX " in the INPUT,FORWARD and PREROUTING Chains.

Greets
Chris

-- 
Christoph Scheurer <chris@rebmatt.ch>

Next message: Cedric Blancher: "Re: Static ARP table in Linux"

Previous message: Felipe Franciosi: "Re: Static ARP table in Linux"
In reply to: Bill Nash: "Re: Static ARP table in Linux"
Next in thread: Cedric Blancher: "Re: Static ARP table in Linux"
Reply: Cedric Blancher: "Re: Static ARP table in Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]