Firewall Wizards: RE: Static ARP firewall advice

RE: Static ARP firewall advice

From: Melson, Paul <PMelson_at_sequoianet.com>
Date: Mon, 12 Apr 2004 10:12:25 -0400

I'm not sure why you'd want a packet filter to manage your ARP table,
but I think you can get what you want.

For static ARP tables, you can use `arp -s [ip addr] [mac addr] perm pub`
(Using 'pub' allows pf to proxy ARP for that address.)

You can also use bridge and brconfig to filter by MAC address. You need
to create a bridge from one interface to the other:

echo "add ne0 add ne1 up" > /etc/bridgename.bridge0

Then create a rule file for brconfig to use. They can be used in
conjunction with pf rules on the same box:

pass out on ne1 src 00:4f:4e:00:1c:32

If you want the ability to replace source IP address with source MAC
address, you'll probably need to look at iptables. If I'm not mistaken,
MAC filtering support is a kernel compile-time option, but it is there.

PaulM

> -----Original Message-----
> To summarize: is there an easy way to maintain static ARP entries using
> pf on OBSD 3.2? While the current firewall is OBSD, I am not married
> to this configuration - if there is an open source firewall product
> that will allow me to accomplish this easier, then I will recommend
> that to the admin.
>
> Thanks in advance for your time.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 16 2004
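
A check to run after pinning entries with `arp -s`, added here as an example and not part of the original post: it compares ARP table output against an expected IP-to-MAC list and reports pinned addresses that are missing, mismatched, or not marked permanent. The `check_arp` and `demo` names, every address except the MAC quoted in the post, and the BSD-style `arp -an` line layout are assumptions; adjust the parsing to your system's output.

```shell
#!/bin/sh
# Added example: audit an ARP table against a pinned IP-to-MAC list.
# Assumed layout (BSD-style `arp -an`): ? (IP) at MAC on IFACE [permanent]

# check_arp EXPECTED_FILE ARP_FILE: findings on stdout, exit 1 if any
check_arp() {
    awk '
    # Pad octets to two hex digits so 0:4f:... compares equal to 00:4f:...
    function norm(m,    n, p, i, out) {
        n = split(tolower(m), p, ":")
        for (i = 1; i <= n; i++)
            out = out (i > 1 ? ":" : "") (length(p[i]) == 1 ? "0" : "") p[i]
        return out
    }
    FILENAME == ARGV[1] {            # expected "IP MAC" pairs
        if ($0 !~ /^#/ && NF >= 2) want[$1] = norm($2)
        next
    }
    $3 == "at" {                     # one ARP table entry
        ip = $2; gsub(/[()]/, "", ip)
        if (!(ip in want)) next      # only audit pinned addresses
        seen[ip] = 1; mac = norm($4)
        if (mac != want[ip]) {
            printf "MISMATCH %s expected %s got %s\n", ip, want[ip], mac; bad = 1
        } else if ($0 !~ / permanent/) {
            printf "NOT_STATIC %s %s\n", ip, mac; bad = 1
        }
    }
    END {
        for (ip in want) if (!(ip in seen)) {
            printf "MISSING %s expected %s\n", ip, want[ip]; bad = 1
        }
        exit bad + 0
    }' "$1" "$2"
}

demo() {  # constructed sample data; only 00:4f:4e:00:1c:32 is from the post
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '192.168.1.10 00:4f:4e:00:1c:32' '192.168.1.11 00:4f:4e:00:1c:33' \
        '192.168.1.12 00:4f:4e:00:1c:34' '192.168.1.13 00:4f:4e:00:1c:35' > "$tmp/want"
    printf '%s\n' '? (192.168.1.10) at 0:4f:4e:0:1c:32 on ne1 permanent' \
        '? (192.168.1.11) at 00:de:ad:00:be:ef on ne1 permanent' \
        '? (192.168.1.12) at 00:4f:4e:00:1c:34 on ne1' > "$tmp/arp"
    check_arp "$tmp/want" "$tmp/arp" | sort
    rm -rf "$tmp"
}
demo
```

On a live host, save the current table with `arp -an > file` and pass it as the second argument; a non-zero exit status makes the check usable from cron or a monitoring wrapper.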
