[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Any way to suppress select arp messages?
We have a number of Windows systems with multiple network interfaces
that are "ganged" via Intel's load balancing configuration. Our NetBSD
(i386 5.1 release) firewall keeps reporting ARP messages of the following form:
arp info overwritten for <ip-addr> by 00:06:5b:ef:29:9f
arp info overwritten for <ip-addr> by 00:06:5b:ef:29:a0
Of course, there are cases where we would want to know when the IP address of
a host seems to somehow migrate to another MAC address. But in the case of
these specific systems, where this behavior is unavoidable, we'd like to be
able to suppress these notifications.
Is there any way to accomplish this, short of modifying the source
code? If not, and someone wants to cobble something together, I would
recommend an implemention based on an "ARP exceptions file," whereby you
provide an IP address, and the "acceptable" or "allowed" MAC addresses for
that IP address, and so long as the kernel sees that IP address with one of
the cited MAC addresses, the notification is suppressed. For any IP address
that isn't cited in the file (or for a cited IP address with an "unknown"
MAC address), normal notifications such as above are generated when warranted.
Am I "totally out there," or does this concept have any merit?
Main Index |
Thread Index |