From owner-freebsd-current@FreeBSD.ORG Wed Jan 2 21:09:15 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 087DA16A468; Wed, 2 Jan 2008 21:09:15 +0000 (UTC) (envelope-from Hartmut.Brandt@dlr.de) Received: from smtp-3.dlr.de (smtp-3.dlr.de [195.37.61.187]) by mx1.freebsd.org (Postfix) with ESMTP id 9539A13C43E; Wed, 2 Jan 2008 21:09:12 +0000 (UTC) (envelope-from Hartmut.Brandt@dlr.de) Received: from [192.168.2.100] ([172.21.151.2]) by smtp-3.dlr.de with Microsoft SMTPSVC(6.0.3790.1830); Wed, 2 Jan 2008 21:55:55 +0100 Message-ID: <477BFA5C.60602@dlr.de> Date: Wed, 02 Jan 2008 21:55:56 +0100 From: Hartmut Brandt Organization: German Aerospace Center User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: d@delphij.net References: <477BE583.6080202@delphij.net> In-Reply-To: <477BE583.6080202@delphij.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 02 Jan 2008 20:55:55.0480 (UTC) FILETIME=[DE3E3D80:01C84D81] Cc: FreeBSD Current , freebsd-rc@FreeBSD.org Subject: Re: [RFC] rc.d script for binding static arp pairs and logging options X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jan 2008 21:09:15 -0000 Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > Here is a rc.d script that I use on my own server, which provides two > functionalities: > > - Bind ARP pairs specified in rc.conf (*); Not having looked at the actual scripts just a comment: while the ARP and the routing tables are still unified, static arp entries can be done with the normal static_routes rc stuff. As far as I know this is going to change, so your script will be needed sooner or later. The functionality is needed for sure. harti > - Set ARP logging options (+). > > * Similar to routing settings, one need to set up some sort of "ARP > pairs" like this: > > static_arp_pairs="gw" > arp_gw="172.16.1.1 00:1c:58:6a:7b:49" > > + By setting one or more of the following options to "NO" it would set > appropriate sysctl for arp logging settings to zero to disable logging: > > log_arp_permanent_modify > log_arp_movements > log_arp_wrong_iface > > This script could be useful for those who use FreeBSD in a > uncontrollable network (i.e. your network administrator does not care > about viruses that attacks the network with fake ARP broadcasts). > > I wonder whether this script would be useful for general consumption? > Other comments are also welcome :-) > > Cheers, > - -- > Xin LI http://www.delphij.net/ > FreeBSD - The Power to Serve! > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.4 (FreeBSD) > > iD8DBQFHe+WCi+vbBBjt66ARAvA/AJ9zv5Wtif9DPgDPT89ZOOoueu+w9gCeK3gY > 4GEETsKg53j19QLFd3IZKkc= > =rLKv > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------ > > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"