Hi, we use OpenBSD in a transparent firewall configuration.
Because of different reasons we have the need for proxy-ARP at firewall's internal network interface. To avoid information lost (e.g. by ARP-Scanning) at the external interface it's necessary to allow proxy ARP only for the internal side and not at the external interface. In opposite to Linux it seems to be impossible in OpenBSD to add proxy ARP entries only for a specific network interface (missing option for the ARP command) nor to disable proxy ARP at all for some interfaces (sysctl or ifconfig option). So it seems that some code change is necessary. Are there some solutions, hints or papers or some ideas that could help us ? -- Hendrik
