Date: 22 Sep 2001 11:27:04 -0700
From: swear@blarg.net (Gary W. Swearingen)
To: freebsd-questions@freebsd.org
Subject: Any way to disable dynamic ARP?
Message-ID: <ebitebytc7.teb@localhost.localdomain>

Someone said that security could be improved by setting the IP/MAC translation table (ARP table) statically. The "arp" command allows that, but I don't see how to keep the kernel (?) from continuing to poke around the network to set up additional translations dynamically. Do I make any sense?

Is there some sysctl or other scheme for having a static-only ARP table while allowing me to "publish" one address for use by my external router which doesn't allow a static ARP table? (I guess I want my firewall to be an ARP server, but not a client.)

I guess the fear is that a cracker taking over the router or, more likely, a DMZ host could do bad things to the firewall's ARP-related routing.

Thanks.