summaryrefslogtreecommitdiff
path: root/contrib/static-arp/static-arp
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/static-arp/static-arp')
-rw-r--r--contrib/static-arp/static-arp35
1 files changed, 35 insertions, 0 deletions
diff --git a/contrib/static-arp/static-arp b/contrib/static-arp/static-arp
new file mode 100644
index 0000000..82115b7
--- /dev/null
+++ b/contrib/static-arp/static-arp
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# Contributed by Darren Hoo <darren.hoo@gmail.com>
+
+# If you use dnsmasq as DHCP server on a router, you may have
+# met with attackers trying ARP Poison Routing (APR) on your
+# local area network. This script will setup a 'permanent' entry
+# in the router's ARP table upon each DHCP transaction so as to
+# make the attacker's efforts less successful.
+
+# Usage:
+# edit /etc/dnsmasq.conf and specify the path of this script
+# to dhcp-script, for example:
+# dhcp-script=/usr/sbin/static-arp
+
+# if $1 is add or old, update the static arp table entry.
+# if $1 is del, then delete the entry from the table
+# if $1 is init which is called by dnsmasq at startup, it's ignored
+
+ARP=/usr/sbin/arp
+
+# Arguments.
+# $1 is action (add, del, old)
+# $2 is MAC
+# $3 is address
+# $4 is hostname (optional, may be unset)
+
+if [ ${1} = del ] ; then
+ ${ARP} -d $3
+fi
+
+if [ ${1} = old ] || [ ${1} = add ] ; then
+ ${ARP} -s $3 $2
+fi
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 09:34:20 +0000