
Re: RH and arp - why not just hack ifup?

To: "LinuxVirtualServer.org users mailing list" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: RH and arp - why not just hack ifup?
From: Kjetil Torgrim Homme <kjetilho@xxxxxxxxxx>
Date: Sun, 11 Jul 2004 16:15:33 +0200
On søn, 2004-07-11 at 04:19 +0200, Kjetil Torgrim Homme wrote:
> why not use arptables?  it's a supported package and does the job.  (I
> did make a fool of myself and blocked only incoming requests, so I got
> bitten by the gratuitous ARP from ifup myself, but I deserved that.)
> 
> the package name is arptables_jf for some reason.

I was prompted to write a little more about it.

the package is part of AS, but you can download the src.rpm and rpmbuild
--rebuild if you're using WS, since the WS kernel has the same support.

configuration is pretty straightforward, it is very similar to iptables.

  arptables -A IN  -d webmail.uio.no -j DROP
  arptables -A OUT -s webmail.uio.no -j DROP
  service arptables_jf save
  chkconfig arptables_jf on

the arptables_jf service is run before the network is brought up, so it
will just work after next reboot.

-- 
Kjetil T.
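
Added example (not part of the original message): a shell lint that reads arptables commands in the form shown above and reports any address that has a DROP rule in only one of the IN and OUT chains, the incoming-only mistake mentioned in the quoted text. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses are constructed
# (192.0.2.0/24 is a documentation range).

# Print the IN/OUT DROP pair for each VIP, in the form used in the post.
vip_rules() {
    for vip in "$@"; do
        printf 'arptables -A IN  -d %s -j DROP\n' "$vip"
        printf 'arptables -A OUT -s %s -j DROP\n' "$vip"
    done
}

# Read arptables commands on stdin; print "<addr> missing <CHAIN>" for every
# address that is dropped in one chain but not the other.
missing_pairs() {
    awk '
        $1 == "arptables" && $2 == "-A" && $(NF-1) == "-j" && $NF == "DROP" {
            if ($3 == "IN"  && $4 == "-d") { in_rule[$5] = 1;  seen[$5] = 1 }
            if ($3 == "OUT" && $4 == "-s") { out_rule[$5] = 1; seen[$5] = 1 }
        }
        END {
            for (a in seen) {
                if (!(a in in_rule))  print a " missing IN"
                if (!(a in out_rule)) print a " missing OUT"
            }
        }
    ' | sort
}

# Constructed input: the second address has only the incoming rule.
sample_rules() {
    vip_rules 192.0.2.10
    printf 'arptables -A IN  -d 192.0.2.20 -j DROP\n'
}

sample_rules | missing_pairs
```

Feed it the commands from a provisioning script before running them; empty output means every address is covered in both chains.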
