On 2/16/06, yo2lux <[EMAIL PROTECTED]> wrote:
> arp -s 192.168.10.127 00:50:fc:9d:81:e7 permanent

With this command, you're only creating an ARP entry, not a filter of some sort.


> [...] but nothing happens, my network connection between gateway
> works with all internal IP.

This behaviour isn't surprising: in fact, that's what the system is
supposed to do. Apart from the static entry you created, it
dynamically learns other MAC/IP combinations.


> Any idea what I need to do?

Although I admit you could devise an automated procedure to register
MAC addresses, you may want to look at authpf(8). With authpf, you can
dynamically limit access based upon credentials (a login over ssh)
that are less trivial to spoof (than MAC addresses). For example, replacing
faulty NICs will save you another administrative step.

If you're relying on MAC addresses for security purposes, I recommend
you save yourself the trouble and go with another means of
authentication. MAC addresses are trivial to spoof (various Windows
drivers allow you to change the MAC address for a card).

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.
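
Added example, not part of the original message: a minimal authpf(8) setup of the kind recommended above, where the gateway forwards traffic only for hosts whose user has logged in over ssh. The interface name em1 and the user alice are assumptions, and the rule syntax follows current pf.conf(5).

```conf
# --- /etc/pf.conf on the gateway -------------------------------------
# Assumed name: em1 is the internal interface.
int_if = "em1"

# authpf adds the IP of each logged-in user to this table.
table <authpf_users> persist

# Default: nothing arriving from the internal network is passed.
block in on $int_if all

# Unauthenticated hosts may only reach sshd on the gateway itself.
pass in on $int_if proto tcp from $int_if:network to ($int_if) port ssh

# Per-user rules are loaded under this anchor at login and
# removed again when the ssh session ends.
anchor "authpf/*"

# --- /etc/authpf/authpf.conf -----------------------------------------
# Must exist for authpf to run; it may be empty (defaults are used).

# --- /etc/authpf/authpf.rules ----------------------------------------
# Loaded for every authenticated user. authpf sets $user_ip to the
# address the ssh session came from.
pass in quick on em1 from $user_ip to any

# --- account setup (as root; "alice" is a placeholder user) ----------
# usermod -s /usr/sbin/authpf alice
```

Access now depends on the ssh credentials rather than on the MAC address, so a static `arp -s` entry is no longer part of the access decision.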
