hi

i want to use arp as MAC filtering
i know that on microtic routers this works well and this is the most sipmle and most effective way to filter macs

i have a pretty wide LAN on my neighbourhood and i need MAC filtering to secure my network.

for now i tried
ifconfig eth0 -arp
*eth0 - internal i-face of router
i made a file containig IP's and MAC's of my custumers
arp -f /path/filename adds all this to arp table as static arps
everithing works well for about 10 minutes

after that i cant ping anyone

when i do :
ifconfig eth0 arp
ifconfig eth0 -arp


everything works again - but 10 minutes and network is down

why is this happening ?

what to do?

First, you aren't filtering.

You are specifying in a file, what the Layer 2-Layer 3 mapping is. This simply saves the arp daemon from having to query those machines.
It will still, however, accept new entries.

You need to compile MAC filtering support into your kernel, and do it using iptables.

i know what arp is and i know what it does

and i am sure that it is good way to secure network

you didnt answer my question!!

about iptables - it is nightmare

What you are doing, will not secure a network.
Layer 2 filtering is - you are correct - great security - but not in this method.
You can't control your arp table that finitely, with such little effort......