Good day! I've been having a headache for days (I'm still fighting, no success yet) trying to find a way to block ARP for a specific MAC address (example 00:50:56:c0:00:08). I want to see how I can achieve this on OpenBSD; I would appreciate a technical answer or a hint/site/doc/book where I can research more to expand my knowledge. I've tried a lot of config combinations and many lookups over the internet, and I was not able to find an answer yet.
This is what I've found and tried. OpenBSD can filter level 2 traffic only if the interface is part of a BRIDGE. Adding it to a bridge puts it in promiscuous mode so that it can receive every packet sent on the network. So, having this requirement, I have hostname.bridge0:

---------------hostname.vic0----------------
inet autoconf
up
---------------hostname.bridge0----------------
#add my network card to bridge
add vic0
blocknonip vic0
rule block in on vic0
rule block out on vic0 src 00:50:56:c0:00:08
rule block out on vic0 dst 00:50:56:c0:00:08
up
-----------------------------------------------

Now I reboot and expect to see the packets blocked for 00:50:56:c0:00:08. However, these are not blocked, and here is the log:

00:50:56:c0:00:08 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.121.131 tell 102.168.121.1
00:50:56:c0:00:08 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.121.131 tell 102.168.121.1
00:0c:29:c3:d9:a7 00:50:56:c0:00:08 0806 60: arp reply 192.168.121.131 is-at 00:0c:29:c4:d9:a7

So I see a successful request/response for 00:50:56:c0:00:08.

I would appreciate any help.

Kind Regards,
Claudiu
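A way to check a capture for ARP frames that still involve the blocked MAC while testing bridge rules like those in the post above. This is an added example, not part of the original post; it assumes link-level lines in the format of the post's log (source MAC, destination MAC, ethertype), and the function names and sample lines are constructed for illustration.

```python
import re

# One or two hex digits per octet: some tcpdump builds print 0:c:29:... unpadded.
MAC_RE = re.compile(r"^(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$", re.I)

def norm_mac(mac):
    """Lower-case and zero-pad each octet so comparisons are exact."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_frame(line):
    """Return (src, dst, ethertype) from a link-level line, or None.

    The header is located by the first pair of adjacent MAC fields, so a
    leading timestamp (absent in the post's log) is tolerated.
    """
    fields = line.split()
    for i in range(len(fields) - 2):
        if MAC_RE.match(fields[i]) and MAC_RE.match(fields[i + 1]):
            return norm_mac(fields[i]), norm_mac(fields[i + 1]), fields[i + 2].lower()
    return None

def arp_leaks(lines, blocked_mac):
    """List (direction, line) for every ARP frame sent from or to blocked_mac."""
    blocked = norm_mac(blocked_mac)
    hits = []
    for line in lines:
        frame = parse_frame(line)
        if frame is None or frame[2] not in ("0806", "0x0806"):
            continue  # unparsable line, or not ARP
        src, dst, _ = frame
        if src == blocked:
            hits.append(("from", line.strip()))
        elif dst == blocked:
            hits.append(("to", line.strip()))
    return hits

# Constructed sample capture; only the blocked MAC is taken from the post.
SAMPLE = [
    "00:50:56:c0:00:08 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.0.2.10 tell 192.0.2.1",
    "12:00:01.000000 02:00:00:00:00:0a 0:50:56:c0:0:8 0806 60: arp reply 192.0.2.10 is-at 02:00:00:00:00:0a",
    "02:00:00:00:00:0a 00:50:56:c0:00:08 0800 98: 192.0.2.10 > 192.0.2.1: icmp: echo reply",
    "02:00:00:00:00:0b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.0.2.10 tell 192.0.2.11",
]

if __name__ == "__main__":
    for direction, text in arp_leaks(SAMPLE, "00:50:56:c0:00:08"):
        print(f"ARP {direction} blocked MAC: {text}")
```

An empty result from `arp_leaks` over a capture taken after the rules are loaded means no ARP frame from or to that MAC was seen at the capture point.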