On Wed, Jan 16, 2008 at 12:28:53PM +0200, Jussi Peltola wrote:
> On Wed, Jan 16, 2008 at 10:27:10PM +1300, [EMAIL PROTECTED] wrote:
> > I seem to be getting a fair few of these on my firewall recently,
> > looking like ARP cache poisoning. It may be related to me losing
> > service occasionally.
> >
> > I can't see how I could get pf to filter on what is effectively a
> > lower level protocol.
> >
> > What other options do I have?
>
> Static ARP?

A "smart" way to do it, IMHO:

1. Create a file, e.g. /etc/arp.permanent, with lines like these:

        10.0.0.2 01:23:45:67:89:ab permanent
        10.0.0.3 12:34:56:78:9a:bc permanent
        ...

2. Add this somewhere in /etc/rc.local:

        if [ -r /etc/arp.permanent ]; then
                echo -n ' arp'; /usr/sbin/arp -F -f /etc/arp.permanent \
                        > /dev/null 2>&1
        fi

Remember to do something similar on the other hosts to protect both ways.

Martin
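
Added example, not part of the original message: the rc.local snippet above sends arp's output to /dev/null, so a mistyped line in /etc/arp.permanent would go unnoticed, and this hypothetical `check_arp_file` helper lints the file before it is loaded. It is deliberately stricter than arp(8) and accepts only the `IPv4 MAC permanent` form shown above.

```shell
#!/bin/sh
# Lint a static ARP file before it is loaded at boot.
# Accepts only the form used in the message above: "IPv4 MAC permanent".
# check_arp_file is a hypothetical helper name, not part of arp(8).
# Prints one diagnostic per problem; returns 0 if clean, 1 otherwise.
check_arp_file() {
    awk '
    NF == 0 { next }                      # ignore blank lines
    {
        ip = $1; mac = tolower($2)
        if (NF != 3 || $3 != "permanent") {
            printf "line %d: expected \"IP MAC permanent\"\n", NR
            bad = 1; next
        }
        # IPv4: four decimal octets, each 0-255
        n = split(ip, o, "."); ok = (n == 4)
        for (i = 1; i <= n && ok; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (!ok) { printf "line %d: bad IPv4 address %s\n", NR, ip; bad = 1 }
        # MAC: six colon-separated groups of one or two hex digits
        if (mac !~ /^[0-9a-f][0-9a-f]?(:[0-9a-f][0-9a-f]?)+$/ ||
            split(mac, m, ":") != 6) {
            printf "line %d: bad MAC address %s\n", NR, $2; bad = 1
        }
        # The same IP pinned twice is ambiguous
        if (ip in seen) {
            printf "line %d: %s already pinned on line %d\n", NR, ip, seen[ip]
            bad = 1
        } else seen[ip] = NR
    }
    END { exit bad + 0 }
    ' "$1"
}

# Use in /etc/rc.local (paths as in the message above):
#   if check_arp_file /etc/arp.permanent; then
#       /usr/sbin/arp -F -f /etc/arp.permanent
#   fi
```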