Skip to content

Respond to ARP requests only if the target IP address is on-link#290

Merged
adrelanos merged 1 commit intoKicksecure:masterfrom
raja-grewal:arp_ignore
Jan 10, 2025
Merged

Respond to ARP requests only if the target IP address is on-link#290
adrelanos merged 1 commit intoKicksecure:masterfrom
raja-grewal:arp_ignore

Conversation

@raja-grewal
Copy link
Contributor

As per #279 (comment).

Changes

Set sysctl net.ipv4.conf.*.arp_ignore=2

Mandatory Checklist

  • Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements:

Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

Optional Checklist

The following items are optional but might be requested in certain cases.

  • I have tested it locally
  • I have reviewed and updated any documentation if relevant
  • I am providing new code and test(s) for it

@ArrayBolt3
Copy link
Contributor

Seems very useful. I mentioned some concerns here: #289 (comment) This should still be usable though as long as we document how to undo it.

Minor nitpick, but there seems to be some extra whitespace (two spaces in a row) in the comments above the actual sysctl option.

@raja-grewal
Copy link
Contributor Author

Thanks for the review!

The double spaces in the README.md are there to limit line length.

As per the documentation (see also the recent Mullvad VPN audit), I think enabling this setting is currently a high-priority concern.

@ArrayBolt3
Copy link
Contributor

kk, that's fine. I can document this in the Wiki for us, and I agree this is important.

@adrelanos I consider this ready to merge.

@adrelanos adrelanos merged commit 486757b into Kicksecure:master Jan 10, 2025
@raja-grewal raja-grewal deleted the arp_ignore branch January 11, 2025 01:56
@ArrayBolt3
Copy link
Contributor

Not a surprise, as mentioned in other comments this change was going to probably break things, thus why it's important to document how to undo it. We may be able to improve our documentation so that people running into these problems know what to change though.

@ArrayBolt3
Copy link
Contributor

The current wiki documentation on this is at https://www.kicksecure.com/wiki/Networking#ARP_sysctl_settings

@raja-grewal raja-grewal mentioned this pull request Jul 1, 2025
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Comments