Re: [Arptables] How to block flooding and gratuitous arp?

Thanks for your suggestion, but I'm trying to avoid nftables because I
cannot modify the actual configuration (I'm using iptables too).
I have the following questions:
1. Can I integrate the functionalities described in the previous mail
with arptables? If yes, how can I do it?
2. If it is not possible, do you know of possible alternatives? I'm
trying to avoid nftables and ebtables.
3. Is it possible to use iptables and nftables together? I'm
evaluating nftables for another system but I want to avoid rewriting
the whole iptables rules.


On Thu, Jun 7, 2018 at 10:30 AM, support@xxxxxxx <support@xxxxxxx> wrote:
> On 2018-06-06 at 15:08, Alvin Lovi wrote:
>> Hi.
>> I need your help about the arptables configuration: my primary goal is
>> to block arp flooding and gratuitous arp.
>> About blocking arp flooding: I'm thinking to use the "limit" module
>> but it seems not supported.
>> Gratuitous arp: a check on "sender IP Address" identical to "target IP
>> address" can be useful.
>> I cannot perform filtering on static mac entries: any suggestion?
>> Thanks
>
>         perhaps this could help:
>
>         table arp filter {
>         chain input {
>                 type filter hook input priority 0; policy accept;
>                 limit rate over 10/second drop
>
>         }
>
>         chain output {
>                 type filter hook output priority 0; policy accept;
>         }
>         }
>
>         ...have a short look here:
>         https://pelican.craoc.fr/nftables.html
>
>
>         karl
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
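
Added example, not part of the thread and not arptables or nftables code: a Python sketch of the two checks discussed above (sender IP identical to target IP, and a cap of 10 ARP packets per second), applied to raw 28-byte ARP payloads such as those read from a capture. All function and class names are hypothetical, the sample packets are constructed, and the sliding window is an assumption that only approximates the quoted `limit rate over 10/second drop` rule.

```python
import struct
from collections import deque
from socket import inet_aton

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload, Ethernet/IPv4

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip) or None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return op, sha, spa, tha, tpa

def is_gratuitous(payload):
    """The check from the thread: sender IP identical to target IP."""
    arp = parse_arp(payload)
    return arp is not None and arp[2] == arp[4]

class RateGate:
    """Sliding one-second window (assumption: approximates the quoted
    'limit rate over 10/second drop'; nftables itself uses a token bucket)."""
    def __init__(self, max_per_second=10):
        self.max_per_second = max_per_second
        self.accepted = deque()  # timestamps of packets let through

    def allow(self, now):
        while self.accepted and now - self.accepted[0] >= 1.0:
            self.accepted.popleft()
        if len(self.accepted) >= self.max_per_second:
            return False
        self.accepted.append(now)
        return True

def verdict(payload, now, gate):
    if parse_arp(payload) is None:
        return "drop-malformed"
    if is_gratuitous(payload):
        return "drop-gratuitous"
    return "accept" if gate.allow(now) else "drop-rate"

# Constructed sample packets (documentation addresses, made-up MAC).
def build_arp(op, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha,
                       inet_aton(spa), tha, inet_aton(tpa))

MAC_A, ZERO = bytes.fromhex("020000000001"), bytes(6)
REQUEST = build_arp(1, MAC_A, "192.0.2.10", ZERO, "192.0.2.1")
GRATUITOUS = build_arp(1, MAC_A, "192.0.2.10", ZERO, "192.0.2.10")
```

Dropping every gratuitous ARP also drops the announcements that failover setups send when an address moves between hosts, so the sender-equals-target check is usually paired with an allow list for those hosts.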


