
Re: ethfw equivalent for openbsd?



On Saturday, 13 December 2003 11:15, buzzdee wrote:
> hi list,
>
> is there something similar available for openbsd which works like the ethfw
> for freebsd? this tool is filtering packets, based on mac and ip address.
> if one of both is not correct, the packet is dropped. the linux firewall
> has the same feature i think.
> googling around didn't help much, got some broken links to the homepage
> of the author.
> i only want to overcome that annoying arp spoofing. i want to block
> communication to my default gateway, if someone tries to hook up a man in the
> middle attack for sniffing my connection.
> or is there any other way to do this?

hi,
someone suggested to use static arp, but i can't do that because i want to use
that feature on my ipless openbsd bridging firewall, which i have put in front 
of my linux nat box. (which'll be replaced soon) i just want to stop spoofed 
traffic at the bridge, i know i can use static arp entries at the linux box, 
but just wondering whether i can use my bridge to do that.

my bridge has an interface for administrative purposes at my internal lan.
the ip is like 10.0.0.x/24. the bridged net on the other two interfaces is 
192.168.5.0/24. if i try to add a static arp entry the box tells me:
# arp -s 192.168.5.254 00:01:F4:09:77:BB permanent
cannot intuit interface index and type for 192.168.5.254

buzz