Hello,
On Sun, 11 Jul 2004, Joseph Mack wrote:
> > arptables -A IN -d webmail.uio.no -j DROP
> > arptables -A OUT -s webmail.uio.no -j DROP
> > service arptables_jf save
> > chkconfig arptables_jf on
>
> Hi Julian,
>
> Is this the extension to iptables that you wrote a while ago?
Almost true, I'm not the arptables author, maybe you
are referring to the arprules/iparp functionality which is
based on 'ip', not on iptables. Similar names.
> This seems pretty simple. What are the problems with arptables that
> you've written arp_ignore and keep maintaining the hidden patch?
At that time there was no user space tool for the arptables
changes in the kernel (done by David Miller), now there is such a tool (I
haven't tried it), so the list of options to hide addresses in clusters is
extended.
arp_ignore was born day(s) after arp_announce. Both flags are
easy to set default policy for playing with ARP requests and replies
which was needed for years for stuff like interoperability with
other ARP stacks (mostly for controlling the source address selection
in ARP requests with arp_announce) or for hiding of addresses for
cluster setups.
> Thanks Joe
Regards
--
Julian Anastasov <ja@xxxxxx>
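
As an added example that is not part of the original message: a small audit of the arp_ignore and arp_announce flags discussed above, checking whether a cluster address would stay hidden on a given interface. It assumes the hidden address is configured on a different device (such as lo) than the one receiving ARP requests; `SYSCTL_ROOT`, `effective` and `vip_hidden` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit the arp_ignore/arp_announce
# values on an interface of a real server whose VIP lives on another
# device (assumed: lo). SYSCTL_ROOT is this example's own knob so the
# check can be run against a constructed tree instead of /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# The kernel applies max(conf/all/<flag>, conf/<iface>/<flag>).
effective() {   # usage: effective <iface> <flag>
    base="$SYSCTL_ROOT/net/ipv4/conf"
    all=$(cat "$base/all/$2" 2>/dev/null) || all=0
    dev=$(cat "$base/$1/$2" 2>/dev/null) || dev=0
    all=${all:-0}; dev=${dev:-0}
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# Succeeds when ARP on <iface> will not expose the VIP:
#   arp_ignore 1 or 2: answer only for addresses configured on the
#                      interface the request arrived on
#   arp_announce 2:    ignore the packet's source IP and pick the best
#                      local address, so the VIP is not sent as ARP source
vip_hidden() {  # usage: vip_hidden <iface>
    ign=$(effective "$1" arp_ignore)
    ann=$(effective "$1" arp_announce)
    case "$ign" in 1|2) ;; *) return 1 ;; esac
    [ "$ann" -eq 2 ]
}

# Report for every interface named on the command line.
for ifc in "$@"; do
    if vip_hidden "$ifc"; then state="hidden"; else state="EXPOSED"; fi
    echo "$ifc: arp_ignore=$(effective "$ifc" arp_ignore)" \
         "arp_announce=$(effective "$ifc" arp_announce) -> VIP $state"
done
```

Run it with the interface names to check as arguments, for example `sh check_arp.sh eth0`.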