Re: [Arptables] How to block flooding and gratuitous arp?

On 2018-06-06 at 15:08, Alvin Lovi wrote:
> Hi.
> I need your help with the arptables configuration: my primary goal is
> to block arp flooding and gratuitous arp.
> About blocking arp flooding: I'm thinking of using the "limit" module
> but it seems not to be supported.
> Gratuitous arp: a check on "sender IP Address" identical to "target IP
> address" can be useful.
> I cannot perform filtering on static mac entries: any suggestion?
> Thanks

	perhaps this could help:

	table arp filter {
		chain input {
			type filter hook input priority 0; policy accept;
			# drop ARP packets that exceed 10 per second
			limit rate over 10/second drop
		}

		chain output {
			type filter hook output priority 0; policy accept;
		}
	}

	...have a short look here:
	https://pelican.craoc.fr/nftables.html


	karl
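
The two checks discussed in this thread (sender IP equal to target IP, and a 10 packets/second ceiling), as an added detection example that is not part of the original message. It goes beyond the ruleset above by counting per sender MAC instead of globally; the function names and the sample packets used to exercise it are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict, deque

RATE_LIMIT = 10   # packets per second, same threshold as the ruleset above
WINDOW = 1.0      # sliding window length in seconds

# ARP for Ethernet/IPv4 (RFC 826): htype ptype hlen plen oper sha spa tha tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if malformed."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in sha)
    return oper, mac, socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def inspect(packets):
    """packets: iterable of (timestamp, arp_payload); returns a list of findings."""
    recent = defaultdict(deque)  # sender MAC -> timestamps inside the window
    findings = []
    for ts, payload in packets:
        parsed = parse_arp(payload)
        if parsed is None:
            findings.append((ts, "malformed", None))
            continue
        _oper, mac, spa, tpa = parsed
        if spa == tpa:  # gratuitous ARP: sender IP identical to target IP
            findings.append((ts, "gratuitous", mac))
        q = recent[mac]
        q.append(ts)
        while ts - q[0] >= WINDOW:  # expire entries older than the window
            q.popleft()
        if len(q) > RATE_LIMIT:
            findings.append((ts, "flood", mac))
    return findings

def make_arp(oper, mac, spa, tpa):
    """Build a constructed sample ARP payload (target MAC left as zeros)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(mac.replace(":", "")),
                       socket.inet_aton(spa), b"\x00" * 6, socket.inet_aton(tpa))
```

Gratuitous ARP is also sent legitimately, for example when a host announces its address or a failover pair moves an IP, so a "gratuitous" finding is best compared against the expected MAC for that address before it is treated as spoofing.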