On Fri, 2002-11-22 at 05:18, Cedric Blancher wrote:
> On Tue 19/11/2002 at 07:47, Toshihiro Sonoda wrote:
> > I can find the arp_filter.c and arp_tables.c in "net/ipv4/netfilter/" of kernel tree (2.4.18).
> > But, I can not find the document about how to use the arp filtering.
> > How can I use the arp filtering in linux.
>
> Afaik, there's still no userland tool to configure ARP filtering into
> kernel (aka arptables tool) and associated library.
>
> So the first step would be implementing kernel/userland interface...

Just a half baked idea.... I haven't tested this, but the /etc/ethers (man 5 ethers) is used for storing arp cache information statically, like /etc/hosts

in /etc/rc.local you could call:

/sbin/arp -f /etc/ethers

The /etc/ethers file might contain:

00:08:02:88:88:88 10.10.10.10

If you had no 10.10.10.10 anywhere on your network! Then you could set rules in your iptables that DROP all 10.10.10.10 packets from source and destination, in all tables.

From the "arp" man page "If the temp flag is not supplied entries will be permanent stored into the ARP cache."

-Ben.
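The procedure sketched in the message above, as an added example that is not part of the original post: a shell helper that validates ethers-style lines ("MAC IP") and prints the matching static `arp -s` entry and iptables DROP rules instead of running them. The function names are hypothetical, and reading "all tables" as the INPUT, FORWARD and OUTPUT chains of the filter table is an assumption.

```shell
#!/bin/sh
# Added example: turn ethers-style lines ("MAC IP") into the commands the
# message describes. Nothing is executed; the commands are only printed.

# valid_mac: succeed if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_ipv4: succeed if $1 is a dotted quad with every octet in 0..255.
valid_ipv4() {
    o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($o\.){3}$o\$"
}

# ethers_to_commands: read ethers-format text on stdin, print commands on
# stdout, report rejected lines on stderr. Returns 1 if any line was rejected,
# so a typo in the file is noticed before anything reaches the ARP cache.
ethers_to_commands() {
    rc=0
    while read -r mac ip rest; do
        case "$mac" in ''|'#'*) continue ;; esac   # blank line or comment
        if [ -n "$rest" ] || ! valid_mac "$mac" || ! valid_ipv4 "$ip"; then
            echo "rejected: $mac $ip $rest" >&2
            rc=1
            continue
        fi
        # Static (permanent) ARP entry: no "temp" flag is given.
        echo "arp -s $ip $mac"
        # Assumption: drop the address as source and destination in the
        # three built-in chains of the filter table.
        for chain in INPUT FORWARD OUTPUT; do
            echo "iptables -A $chain -s $ip -j DROP"
            echo "iptables -A $chain -d $ip -j DROP"
        done
    done
    return $rc
}

# Constructed sample: the entry from the message plus one malformed line.
SAMPLE='00:08:02:88:88:88 10.10.10.10
00:08:02:88:88 10.10.10.300'
printf '%s\n' "$SAMPLE" | ethers_to_commands || true
```

Review the printed commands before piping them to a root shell; the malformed line is reported on stderr and produces no commands.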