Re: [PATCH] arp_filter patch for 2.4.4 kernel.

Andi Kleen (ak@suse.de)
Sun, 6 May 2001 10:40:37 +0200


On Sat, May 05, 2001 at 04:52:18PM -0700, David S. Miller wrote:
> > I have a setup that should be able to test some netfilter rules
> > if have some you want me to try....
>
> I'd be interested in seeing netfilter rules or a new netfilter
> kernel module which would do arpfilter as well.

I don't think it's a good idea. You either need a lot of hooks in the
arp input path for all the different cases or you would need to replicate
a lot of the arp.c logic into that netfilter module. Both not good.
IMHO it's better to just control replies via the routing table,
which already has all kinds of fancy mechanisms for it. In addition I haven't
seen a setup yet that couldn't be handled by arpfilter and the routing
table, it seems to be flexible enough for all practical purposes.

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/