Subject: Re: locking ARP
To: Wojciech Puchar <wojtek@chylonia.3miasto.net>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 07/16/2002 18:10:38
In message <Pine.NEB.4.44.0207161107170.3837-100000@chylonia.3miasto.net>, Wojc
iech Puchar writes:
>> >so only hosts entered in /etc/ethers will get data from host.
>> >
>> >
>> ifconfig interfaceN -arp
>>
>> But I don't think that /etc/ethers doesn't do what you think; you have to
>> use the arp command to create the entries you need.
>arp -f /etc/ethers

Right -- but that could have been any file.  /etc/ethers is used by 
rarpd.
>
>but
>
>i did ifconfig le0 -arp
>
>ping 10.20.30.33 (nonexisting in arp table)
>
>and found:
>
>? (10.20.30.33) at (incomplete) on le0
>
>in arp table.
>
>so looks it doesn't work...
>
>
>
>
That's a separate problem -- file a PR...
(But -- did you verify that it actually sent the ARP query?  If not, 
there's no problem.  Another issue is what the machine does with 
unsolicited ARP replies, as well as whether it will populate its table 
from ARP queries.)


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)