author | sam <sam@FreeBSD.org> | 2008-03-18 21:45:27 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2008-03-18 21:45:27 +0000 |
commit | f5c289e7a87eda5b4525ebf960bf279bbd6d6246 (patch) | |
tree | bd231b4417c3e00dd4b65f241475220ef8243a94 /usr.sbin | |
parent | f46620ae374ea61cbb68746c3da2ad4c05cf2258 (diff) | |
add reject+blackhole keywords to install entries with RTF_REJECT
and RTF_BLACKHOLE, respectively
PR: bin/79228
Submitted by: Dan Lukes <dan@obluda.cz>
MFC after: 2 weeks
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/arp/arp.8 | 16 | ||||
-rw-r--r-- | usr.sbin/arp/arp.c | 11 |
2 files changed, 23 insertions, 4 deletions
diff --git a/usr.sbin/arp/arp.8 b/usr.sbin/arp/arp.8
index 17b55fd..32b46fd 100644
--- a/usr.sbin/arp/arp.8
+++ b/usr.sbin/arp/arp.8
@@ -53,10 +53,14 @@
 .Nm
 .Fl s Ar hostname ether_addr
 .Op Cm temp
+.Op Cm reject
+.Op Cm backhole
 .Op Cm pub Op Cm only
 .Nm
 .Fl S Ar hostname ether_addr
 .Op Cm temp
+.Op Cm reject
+.Op Cm backhole
 .Op Cm pub Op Cm only
 .Nm
 .Fl f Ar filename
@@ -148,6 +152,18 @@ This type of entry is created automatically if
 detects that a routing table entry for
 .Ar hostname
 already exists.
+.Pp
+If the
+.Cm reject
+keyword is specified the entry will be marked so that traffic to
+the host will be discarded and the sender will be notified the
+host is unreachable.
+The
+.Cm blackhole
+keyword is similar in that traffic discarded but the sender is
+not notified.
+These can be used to block external traffic to a host without
+using a firewall.
 .It Fl S Ar hostname ether_addr
 Is just like
 .Fl s
diff --git a/usr.sbin/arp/arp.c b/usr.sbin/arp/arp.c
index 65b55ad..c8ef3e9 100644
--- a/usr.sbin/arp/arp.c
+++ b/usr.sbin/arp/arp.c
@@ -321,8 +321,7 @@ set(int argc, char **argv)
 struct timeval tv;
 gettimeofday(&tv, 0);
 expire_time = tv.tv_sec + 20 * 60;
- }
- else if (strncmp(argv[0], "pub", 3) == 0) {
+ } else if (strncmp(argv[0], "pub", 3) == 0) {
 flags |= RTF_ANNOUNCE;
 doing_proxy = 1;
 if (argc && strncmp(argv[1], "only", 3) == 0) {
@@ -330,6 +329,10 @@ set(int argc, char **argv)
 dst->sin_other = SIN_PROXY;
 argc--; argv++;
 }
+ } else if (strncmp(argv[0], "blackhole", 9) == 0) {
+ flags |= RTF_BLACKHOLE;
+ } else if (strncmp(argv[0], "reject", 6) == 0) {
+ flags |= RTF_REJECT;
 } else if (strncmp(argv[0], "trail", 5) == 0) {
 /* XXX deprecated and undocumented feature */
 printf("%s: Sending trailers is no longer supported\n",
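Review bot: Nothing in the two branches added to set() stops `reject` and `blackhole` from being given together, so `flags` can end up carrying both RTF_REJECT and RTF_BLACKHOLE even though the arp.8 text in this commit describes them as alternatives (sender notified versus not notified); the usage() hunk likewise prints `[reject] [blackhole]` as independent options. How the kernel treats an entry carrying both flags is not visible here, so an operator relying on one behaviour to block traffic to a host may get the other. A guard in each branch, e.g. `if (flags & RTF_REJECT) usage();` before `flags |= RTF_BLACKHOLE;` and `if (flags & RTF_BLACKHOLE) usage();` before `flags |= RTF_REJECT;`, would make the choice explicit. The arp.8 synopsis lines in this commit also spell the keyword `backhole`, which `strncmp(argv[0], "blackhole", 9)` will not match. set()'s body starts and ends outside the hunk.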
@@ -627,8 +630,8 @@ usage(void)
 " arp [-n] [-i interface] -a",
 " arp -d hostname [pub]",
 " arp -d [-i interface] -a",
- " arp -s hostname ether_addr [temp] [pub [only]]",
- " arp -S hostname ether_addr [temp] [pub [only]]",
+ " arp -s hostname ether_addr [temp] [reject] [blackhole] [pub [only]]",
+ " arp -S hostname ether_addr [temp] [reject] [blackhole] [pub [only]]",
 " arp -f filename");
 exit(1);
 } |