i've searched the FAQs, the documentation and the mailing list archives, but can't find anything on this topic.
is it possible to use netfilter to block either incoming "arp who-has" requests or outgoing "arp reply" packets?

i have an LVS load-balanced squid proxy array, and i'm getting tired of applying the hidden-arp patch (actually, i mean usually forgetting to :-) every time i upgrade the kernel.....and thought it would be cool if i could just use netfilter to drop the problem arp packets.

i don't want to block all ARP packets, just those matching a given IP address.

i.e. i want to either drop incoming "arp who-has x.x.x.x tell foo" packets (where x.x.x.x is the VIP of the server) so that the realserver doesn't even see the arp request or, alternatively, drop the outgoing "arp-reply x.x.x.x is at ...." before it leaves the realserver.

this seems to me like it would be a neat solution to the "arp problem" of LVS servers.

craig

--
craig sanders <[EMAIL PROTECTED]>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
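
The two matches the post describes, written out as a predicate over the ARP payload fields. This is an added example, not part of the original message and not netfilter code; the addresses, MACs and function names are constructed for illustration.

```python
import socket
import struct

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte ARP payload; used only to construct the samples below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def verdict(direction, payload, vip):
    """Return 'DROP' or 'ACCEPT' for one ARP payload seen on the realserver.

    direction is 'in' or 'out'. Only ARP that asks for, or answers for, the VIP
    is dropped; ARP for the realserver's own address passes untouched.
    """
    if len(payload) < struct.calcsize(ARP_FMT):
        return "ACCEPT"  # truncated payload: no rule matches it
    htype, ptype, hlen, plen, oper, _sha, spa, _tha, tpa = \
        struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "ACCEPT"  # not Ethernet/IPv4 ARP
    vip_raw = socket.inet_aton(vip)
    # incoming "arp who-has VIP tell foo": match on the target protocol address
    if direction == "in" and oper == ARP_REQUEST and tpa == vip_raw:
        return "DROP"
    # outgoing "arp reply VIP is-at ...": match on the sender protocol address
    if direction == "out" and oper == ARP_REPLY and spa == vip_raw:
        return "DROP"
    return "ACCEPT"

# Constructed sample data (documentation addresses, made-up MACs).
VIP, RIP, CLIENT = "192.0.2.10", "192.0.2.21", "192.0.2.1"
RS_MAC, CL_MAC, ZERO = "02:00:00:00:00:21", "02:00:00:00:00:01", "00:00:00:00:00:00"
SAMPLES = [
    ("in",  build_arp(ARP_REQUEST, CL_MAC, CLIENT, ZERO, VIP)),    # who-has VIP
    ("in",  build_arp(ARP_REQUEST, CL_MAC, CLIENT, ZERO, RIP)),    # who-has RIP
    ("out", build_arp(ARP_REPLY,   RS_MAC, VIP, CL_MAC, CLIENT)),  # VIP is-at
    ("out", build_arp(ARP_REPLY,   RS_MAC, RIP, CL_MAC, CLIENT)),  # RIP is-at
]

def run_samples():
    """Apply the predicate to every constructed sample, in order."""
    return [verdict(direction, payload, VIP) for direction, payload in SAMPLES]

if __name__ == "__main__":
    for (direction, _), v in zip(SAMPLES, run_samples()):
        print(direction, v)
```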
