From owner-freebsd-security  Sun Nov 26 12:10:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from phalse.2600.com (phalse.2600.COM [216.66.24.2])
	by hub.freebsd.org (Postfix) with ESMTP id 3501437B4C5
	for <freebsd-security@freebsd.org>; Sun, 26 Nov 2000 12:10:17 -0800 (PST)
Received: from localhost (localhost [[UNIX: localhost]])
	by phalse.2600.com (8.8.8/8.8.8) with ESMTP id PAA15407
	for <freebsd-security@freebsd.org>; Sun, 26 Nov 2000 15:10:16 -0500 (EST)
Date: Sun, 26 Nov 2000 15:10:16 -0500 (EST)
From: Dominick LaTrappe <seraf@2600.COM>
To: freebsd-security@freebsd.org
Subject: Re: static ARP tables
In-Reply-To: <200011252212.PAA26585@faith.cs.utah.edu>
Message-ID: <Pine.NEB.4.21.0011261501020.15375-100000@phalse.2600.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 25 Nov 2000 "David G. Andersen" <dga@pobox.com> wrote:
>   When used in conjunction with switch-enfored MAC security, it's actually
> quite useful.  You yourself state this;  I have a need for exactly this
> kind of functionality for Utah's network testbed, actually.

What I'd really like to see is a 'static' flag that can be added to
individual ARP table entries.  I have several networks with servers and
routers whose MAC/IP/switchport associtions should never change, but also
workstations that change all the time.

I'm going to try to work on a patch for this, though maybe someone already
knows a hack?

	||| Dominick




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message