Re: ethfw equivalent for openbsd?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: ethfw equivalent for openbsd?
- From: buzzdee <reitenba_(_at_)_fh-brandenburg_(_dot_)_de>
- Date: Sat, 13 Dec 2003 12:18:15 +0100
- Organization: L00 bugdead prods.
On Saturday, 13 December 2003 11:15, buzzdee wrote:
> hi list,
> is there something similar available for openbsd which works like the ethfw
> for freebsd? this tool is filtering packets, based on mac and ip address.
> if one of both is not correct, the packet is dropped. the linux firewall
> has the same feature i think.
> googling around didn't help much, got some broken links to the homepage
> of the author.
> i only want to overcome that annoying arp spoofing. i want to block
> communication to my default gateway, if someone tries to hook up a man in the
> middle attack for sniffing my connection.
> or is there any other way to do this?
someone suggested to use static arp, but i can't do that because i want to use
that feature on my ipless openbsd bridging firewall, which i have put in front
of my linux nat box. (which'll be replaced soon) i just want to stop spoofed
traffic at the bridge, i know i can use static arp entries at the linux box,
but just wondering whether i can use my bridge to do that.
my bridge has an interface for administrative purposes at my internal lan.
the ip is like 10.0.0.x/24. the bridged net on the other two interfaces is
192.168.5.0/24. if i try to add a static arp entry the box tells me:
# arp -s 192.168.5.254 00:01:F4:09:77:BB permanent
cannot intuit interface index and type for 192.168.5.254