[RFC] rc.d script for binding static arp pairs and logging
options
Hartmut Brandt
hartmut.brandt at dlr.de
Wed Jan 2 13:09:15 PST 2008
Xin LI wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Here is a rc.d script that I use on my own server, which provides two
> functionalities:
>
> - Bind ARP pairs specified in rc.conf (*);
Not having looked at the actual scripts just a comment: while the ARP
and the routing tables are still unified, static arp entries can be done
with the normal static_routes rc stuff. As far as I know this is going
to change, so your script will be needed sooner or later. The
functionality is needed for sure.
harti
> - Set ARP logging options (+).
>
> * Similar to routing settings, one need to set up some sort of "ARP
> pairs" like this:
>
> static_arp_pairs="gw"
> arp_gw="172.16.1.1 00:1c:58:6a:7b:49"
>
> + By setting one or more of the following options to "NO" it would set
> appropriate sysctl for arp logging settings to zero to disable logging:
>
> log_arp_permanent_modify
> log_arp_movements
> log_arp_wrong_iface
>
> This script could be useful for those who use FreeBSD in a
> uncontrollable network (i.e. your network administrator does not care
> about viruses that attacks the network with fake ARP broadcasts).
>
> I wonder whether this script would be useful for general consumption?
> Other comments are also welcome :-)
>
> Cheers,
> - --
> Xin LI <delphij at delphij.net> http://www.delphij.net/
> FreeBSD - The Power to Serve!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4 (FreeBSD)
>
> iD8DBQFHe+WCi+vbBBjt66ARAvA/AJ9zv5Wtif9DPgDPT89ZOOoueu+w9gCeK3gY
> 4GEETsKg53j19QLFd3IZKkc=
> =rLKv
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
More information about the freebsd-rc
mailing list