Date: Sat, 25 Nov 2000 15:12:56 -0700 (MST)
From: "David G. Andersen" <dga@pobox.com>
To: Gerhard.Sittig@gmx.net
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: static ARP tables
Message-ID: <200011252212.PAA26585@faith.cs.utah.edu>
In-Reply-To: <Pine.NEB.4.21.0011241617180.25280-100000@phalse.2600.com> from "Dominick LaTrappe" at Nov 24, 2000 05:10:22 PM

Lo and behold, Dominick LaTrappe once said:
>
> On Fri, 24 Nov 2000 Gerhard Sittig <Gerhard.Sittig@gmx.net> wrote:
> > You might be interested in the conf/23063 PR with the
> > "[PATCH] for static ARP tables in rc.network" synopsis
> > (http://www.freebsd.org/cgi/query-pr.cgi?pr=23063).
>
> With software-set MAC addresses supported by a number of cards, this patch
> does not provide much security.

When used in conjunction with switch-enforced MAC security, it's actually quite useful. You yourself state this; I have a need for exactly this kind of functionality for Utah's network testbed, actually.

You have a point, of course; this shouldn't be plugged as "the perfect solution for ip-based authentication," because it does have many holes of which a user must be aware, but it's a very nice thing to have around, and I'd love to see it controllable via rc.conf.

One thing that would be nice from my perspective would be the ability to specify an external file that contains the static ARP entries, e.g.

static_arp_table="/etc/arpfile"

(The same kind of functionality currently provided by rc.firewall).

Thanks, Gerhard!

-Dave

--
work: dga@lcs.mit.edu    me: dga@pobox.com
MIT Laboratory for Computer Science    http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message