Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Aug 2005 10:52:51 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Claudio Jeker <cjeker@diehard.n-r-g.com>, freebsd-net@freebsd.org, Steve Langdon <steve.langdon@mail.ru>
Subject:   Re: Stranges with ARP
Message-ID:  <20050812085251.GB45385@obiwan.tataz.chchile.org>
In-Reply-To: <20050810141938.GF31018@diehard.n-r-g.com>
References:  <E1E2qIp-000NEB-00.steve-langdon-mail-ru@f24.mail.ru> <20050810141938.GF31018@diehard.n-r-g.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Claudio, Steve,

> > While user is blocked by _our_ generated MAC! Btw, could anyone advice
> > me how to block user IP block without touching ipfw (I think to use
> > route + ``-blackhole' to that user that have no his MAC in my ARP
> > table), any ideas?

I'm just wondering why you don't want to use ipfw ?  If it is for
performance reasons, you have to know that ipfw is really fast and
is intended to be run on routers.  Have a look at this post [1].

> Come on have a look at the MAC address. d1:fa:28:ec:87:98. Ja ja ja d1.
> Remember the multicast bit of 802.11? No, its the LSB of the first octet.
> So your outgoing pings are actually multicasts.

Good catch ! :-)

[1] http://lists.freebsd.org/pipermail/freebsd-ipfw/2005-July/001934.html

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050812085251.GB45385>