[RFC] rc.d script for binding static arp pairs and logging options

Hartmut Brandt hartmut.brandt at dlr.de
Wed Jan 2 13:09:15 PST 2008


Xin LI wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> Here is a rc.d script that I use on my own server, which provides two
> functionalities:
> 
>  - Bind ARP pairs specified in rc.conf (*);

Not having looked at the actual scripts just a comment: while the ARP 
and the routing tables are still unified, static arp entries can be done 
with the normal static_routes rc stuff. As far as I know this is going 
to change, so your script will be needed sooner or later. The 
functionality is needed for sure.

harti

>  - Set ARP logging options (+).
> 
> * Similar to routing settings, one need to set up some sort of "ARP
> pairs" like this:
> 
> 	static_arp_pairs="gw"
> 	arp_gw="172.16.1.1 00:1c:58:6a:7b:49"
> 
> + By setting one or more of the following options to "NO" it would set
> appropriate sysctl for arp logging settings to zero to disable logging:
> 
> 	log_arp_permanent_modify
> 	log_arp_movements
> 	log_arp_wrong_iface
> 
> This script could be useful for those who use FreeBSD in a
> uncontrollable network (i.e. your network administrator does not care
> about viruses that attacks the network with fake ARP broadcasts).
> 
> I wonder whether this script would be useful for general consumption?
> Other comments are also welcome :-)
> 
> Cheers,
> - --
> Xin LI <delphij at delphij.net>	http://www.delphij.net/
> FreeBSD - The Power to Serve!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4 (FreeBSD)
> 
> iD8DBQFHe+WCi+vbBBjt66ARAvA/AJ9zv5Wtif9DPgDPT89ZOOoueu+w9gCeK3gY
> 4GEETsKg53j19QLFd3IZKkc=
> =rLKv
> -----END PGP SIGNATURE-----
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"



More information about the freebsd-rc mailing list