From owner-freebsd-isp@FreeBSD.ORG  Thu Sep 25 23:14:56 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2486F16A4B3
	for <freebsd-isp@freebsd.org>; Thu, 25 Sep 2003 23:14:56 -0700 (PDT)
Received: from avalon.pptus.ru (avalon.pptus.ru [212.73.100.133])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C90C843FDF
	for <freebsd-isp@freebsd.org>; Thu, 25 Sep 2003 23:14:54 -0700 (PDT)
	(envelope-from alexei@pptus.ru)
Received: from avalon.pptus.ru (avalon.pptus.ru [212.73.100.133])
	by avalon.pptus.ru (Postfix) with ESMTP id 99A3EF84E
	for <freebsd-isp@freebsd.org>; Fri, 26 Sep 2003 10:14:52 +0400 (MSD)
Date: Fri, 26 Sep 2003 10:14:52 +0400 (MSD)
From: Alexei Evdokimov <alexei@pptus.ru>
To: freebsd-isp@freebsd.org
In-Reply-To: <4878.62.142.81.6.1064386090.squirrel@redbull.tiscali.fi>
Message-ID: <20030926095646.E96986@avalon.pptus.ru>
References: <4878.62.142.81.6.1064386090.squirrel@redbull.tiscali.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: static ARP
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Sep 2003 06:14:56 -0000

On Wed, 24 Sep 2003 vezku@surfeu.fi wrote:

> I was thinking about the following scenario. I have one interface in my
> BSD router that serves a private network.
>
> Is it possible to disable ARP on that interface and make static ARP
> entries on router? I'm looking for a way to allow only certain MAC
> addresses to access via this interface. I do know it's only false
> security, but it would prevent people adding easily unauthorized
> computers. And since there are only about 10 comps in this particular
> network, maintaining static ARP entries would not be worksome.
>
> I would not like to get into bridging if this works.

Parameter -arp will disable ARP on the interface:

    ifconfig ... -arp

To set static ARP table write authorized pairs ip:mac in a file
and load it it in the table:

    arp -f file

-- 
Alexei Evdokimov
alexei@pptus.ru