On Wed, Dec 05, 2001 at 04:03:16AM -0800, Crist J . Clark wrote:

> > Not sure what is the correct list, this is about network security.
> > Flag NOARP did not work for ethernet interface before 4.4-RELEASE.
> > We needed static ARP table so used local patch for it.
> > 4.4-RELEASE implemented NOARP but in a different way.
> See PR 31873.

I have read this PR and other discussions.
And I want to say that this 'intended' behaviour is useless for some
configurations. A machine acting as public gateway must respond
to ARP requests for its IP. And it often must not allow modifying
its ARP table. So I'm asking to have another behaviour as an option.
Perhaps, tunable as sysctl.

We have used this scheme for several years in production, keeping our local patches.
It seems this scheme is used widely, I've seen several different patches
implementing this since 2.2.x. We use one of them.

Eugene Grosbein.
