-rw-r--r-- | usr.sbin/arp/arp.8 | 16 | ||||
-rw-r--r-- | usr.sbin/arp/arp.c | 11 |
2 files changed, 23 insertions, 4 deletions
diff --git a/usr.sbin/arp/arp.8 b/usr.sbin/arp/arp.8
index 17b55fd..32b46fd 100644
--- a/usr.sbin/arp/arp.8
+++ b/usr.sbin/arp/arp.8
@@ -53,10 +53,14 @@
 .Nm
 .Fl s Ar hostname ether_addr
 .Op Cm temp
+.Op Cm reject
+.Op Cm backhole
 .Op Cm pub Op Cm only
 .Nm
 .Fl S Ar hostname ether_addr
 .Op Cm temp
+.Op Cm reject
+.Op Cm backhole
 .Op Cm pub Op Cm only
 .Nm
 .Fl f Ar filename
@@ -148,6 +152,18 @@ This type of entry is created automatically if
 detects that a routing table entry for
 .Ar hostname
 already exists.
+.Pp
+If the
+.Cm reject
+keyword is specified the entry will be marked so that traffic to
+the host will be discarded and the sender will be notified the
+host is unreachable.
+The
+.Cm blackhole
+keyword is similar in that traffic discarded but the sender is
+not notified.
+These can be used to block external traffic to a host without
+using a firewall.
 .It Fl S Ar hostname ether_addr
 Is just like
 .Fl s
diff --git a/usr.sbin/arp/arp.c b/usr.sbin/arp/arp.c
index 65b55ad..c8ef3e9 100644
--- a/usr.sbin/arp/arp.c
+++ b/usr.sbin/arp/arp.c
@@ -321,8 +321,7 @@ set(int argc, char **argv)
 struct timeval tv;
 gettimeofday(&tv, 0);
 expire_time = tv.tv_sec + 20 * 60;
- }
- else if (strncmp(argv[0], "pub", 3) == 0) {
+ } else if (strncmp(argv[0], "pub", 3) == 0) {
 flags |= RTF_ANNOUNCE;
 doing_proxy = 1;
 if (argc && strncmp(argv[1], "only", 3) == 0) {
@@ -330,6 +329,10 @@ set(int argc, char **argv)
 dst->sin_other = SIN_PROXY;
 argc--; argv++;
 }
+ } else if (strncmp(argv[0], "blackhole", 9) == 0) {
+ flags |= RTF_BLACKHOLE;
+ } else if (strncmp(argv[0], "reject", 6) == 0) {
+ flags |= RTF_REJECT;
 } else if (strncmp(argv[0], "trail", 5) == 0) {
 /* XXX deprecated and undocumented feature */
 printf("%s: Sending trailers is no longer supported\n",
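Review bot: The new `blackhole` and `reject` branches in set() only OR their bit into `flags`, so a single invocation can end up with RTF_BLACKHOLE and RTF_REJECT both set, and the usage() hunk advertises exactly that with `[reject] [blackhole]`. arp.8 describes the two as alternatives (notify the sender or not), so I would refuse the second keyword with `if (flags & RTF_REJECT) usage();` ahead of `flags |= RTF_BLACKHOLE;`, the mirror check in the `reject` branch, and print the synopsis as `[reject | blackhole]`. The synopsis lines added to arp.8 spell the keyword `backhole`, which does not match the `strncmp(argv[0], "blackhole", 9)` comparison here and should read `blackhole`. Because these entries are documented as a way to block traffic to a host, a contradictory or misspelt keyword that is accepted without complaint can leave an operator believing a host is blocked when it is not. The keyword loop in set() starts and ends outside this hunk, so how an unmatched argument is handled is not visible here.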
@@ -627,8 +630,8 @@ usage(void)
 " arp [-n] [-i interface] -a",
 " arp -d hostname [pub]",
 " arp -d [-i interface] -a",
- " arp -s hostname ether_addr [temp] [pub [only]]",
- " arp -S hostname ether_addr [temp] [pub [only]]",
+ " arp -s hostname ether_addr [temp] [reject] [blackhole] [pub [only]]",
+ " arp -S hostname ether_addr [temp] [reject] [blackhole] [pub [only]]",
 " arp -f filename");
 exit(1);
 } |