Subject: Re: rc.d script for adding static ARP entries
To: None <tech-security@netbsd.org>
From: Geert Hendrickx <geert.hendrickx@ua.ac.be>
List: tech-security
Date: 07/28/2005 17:02:45
On Tue, Jun 28, 2005 at 04:30:10PM +0200, Geert Hendrickx wrote:
> On Tue, Jun 28, 2005 at 03:59:59PM +0200, Nino Dehne wrote:
> > Also, may I suggest "staticarp" as a name for the script and maybe
> > /etc/arp.conf as a filename? There already is staticroute and route.conf,
> > hence the thought.
> 
> Sure.  Here's an updated script.  It now requires mountcritremote, and also
> NETWORKING, because the network interfaces must have their IP and netmask
> assigned already, otherwise arp will not be able to figure out which
> interface it should associate with each given hostname/ether_addr pair.  It
> must be run before SERVERS for security reasons.  
> 
> Thanks again for your comments.  
> 
> GH
> 
> -- 
> :wq

> #!/bin/sh
> #
> # $NetBSD$
> #
> 
> # PROVIDE: staticarp
> # REQUIRE: NETWORKING mountcritremote
> # BEFORE: SERVERS
> 
> . /etc/rc.subr
> 
> name="staticarp"
> rcvar="staticarp"
> command="/usr/sbin/arp"
> conf_file="/etc/arp.conf"
> required_files="${conf_file}"
> command_args="-f ${conf_file}"
> stop_cmd=":"
> 
> load_rc_config $name
> run_rc_command "$1"


Anyone willing to test/commit this?  

arp.conf file format is like this: 

172.16.1.2	00:00:24:c4:54:71
172.16.1.5	00:c0:9f:8d:d8:a4

GH
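
Added example, not part of the original post or the posted script: a POSIX sh lint for a file in the two-column arp.conf format shown above, to run before `arp -f` loads it. The names check_arp_conf and write_sample and the four faulty sample lines are constructed for illustration; it assumes numeric IPv4 addresses only.

```shell
#!/bin/sh
# Added example: lint an arp.conf in the two-column form shown in the post.
# check_arp_conf and write_sample are hypothetical helpers, not part of the
# posted rc.d script. Assumption: numeric IPv4 addresses only.

check_arp_conf() {
    # One line per problem on stdout; exit status 1 if any problem was found.
    awk '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; errs++ }
    NF == 0 { next }                                  # blank line
    NF != 2 { bad("expected 2 fields, got " NF); next }
    {
        # IPv4 address: four decimal octets, each 0-255
        n = split($1, o, "."); ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (!ok) { bad("invalid IPv4 address: " $1); next }
        # Ethernet address: six colon-separated groups of 1-2 hex digits
        n = split(tolower($2), h, ":"); ok = (n == 6)
        for (i = 1; ok && i <= 6; i++)
            if (h[i] !~ /^[0-9a-f][0-9a-f]?$/) ok = 0
        if (!ok) { bad("invalid Ethernet address: " $2); next }
        # Group bit (low bit of first octet) marks multicast/broadcast
        if (substr(h[1], length(h[1])) ~ /[13579bdf]/)
            bad("multicast/broadcast Ethernet address: " $2)
        # Two lines for one IP: only one binding can be in effect
        ip = (o[1] + 0) "." (o[2] + 0) "." (o[3] + 0) "." (o[4] + 0)
        if (ip in seen) bad("duplicate IP " ip ", first on line " seen[ip])
        else seen[ip] = FNR
    }
    END { exit (errs > 0) }' "$1"
}

write_sample() {
    # Constructed sample: the post's two entries plus four faulty lines.
    printf '%s\t%s\n' \
        172.16.1.2   00:00:24:c4:54:71 \
        172.16.1.5   00:c0:9f:8d:d8:a4 \
        172.16.1.300 00:c0:9f:8d:d8:a5 \
        172.16.1.7   00:c0:9f:8d:d8 \
        172.16.1.8   ff:ff:ff:ff:ff:ff \
        172.16.1.2   00:00:24:c4:54:72 > "$1"
}

tmp=$(mktemp) && write_sample "$tmp"
check_arp_conf "$tmp" || echo "arp.conf has problems; do not load it" >&2
rm -f "$tmp"
```
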