Lock ARP to specified IP address

[superhil]

I have a PC router

I want to lock client's ARP to specified IP address so he can't change his IP ( if he change his IP manually, he will be blocked)

Is this will work ?

arp -s (IP/HOST) (ARP/MAC)

i think that doesn't work

i need your help

 

[SirDice]

If there's a router between the machine you're running this on and the client it won't work.

Simplest solution would be to remove the privilege to change his/her IP address from the machine (e.g. remove their administrator access).

 

[aragon]

That should work...

Of course you'll need to save it in /etc/rc.conf so that it's restored at boot:

static_arp_pairs="blah bleh bloh"
static_arp_blah="1.2.3.4 11:22:33:44:55:66"
static_arp_bleh="1.2.3.5 22:33:44:55:66:77"
static_arp_bloh="1.2.3.6 33:44:55:66:77:88"

 

[superhil]

That should work...

Of course you'll need to save it in /etc/rc.conf so that it's restored at boot:

static_arp_pairs="blah bleh bloh"
static_arp_blah="1.2.3.4 11:22:33:44:55:66"
static_arp_bleh="1.2.3.5 22:33:44:55:66:77"
static_arp_bloh="1.2.3.6 33:44:55:66:77:88"

thanks for answering my question

Is that script same with arp -s command ?

 

[SirDice]

Keep in mind that it's rather trivial to change a MAC address on a machine.

 

[aragon]

Is that script same with arp -s command ?

The FreeBSD RC script in question uses arp -S.

 

[paijo]

thanks for answering my question

Is that script same with arp -s command ?

that command should work. if you use -S rather than -s, any existing ARP entry for the host/client will be deleted first.