Hello Lukas,
looks like '-F' can be helpful if you have not so many hosts to
ignore. Since '-F' is a part of command line, you need to
include each host in command line, which looks not so accurate.
Theoretically you can hit command line length limit and if you
need to update blacklist you need to change
/etc/defaults/arpwatch each time. zabbix-proxy:~$ ps -A -o start_time,start,cmd|grep arpwatch Thank you for your help, I will try to open a wishlist bug. On 22/02/2019 02:38, Lukas Schwaighofer
wrote:
Hi Ivan, thanks for reaching out and working on improving arpwatch! On Wed, 20 Feb 2019 13:38:38 +0300 Ivan <ivan@ivanbayan.com> wrote:I have a patch for arpwatch (it was done for arpwatch-2.1a15 2 years ago). That patch add functionality to specify blacklist of IP addresses. Option similar to -z was added, but for list of /32 addresses. I asked Axel Beckert <abe@debian.org> how can I add patch for arpwatch, but he haven't respond, so how can I contribute it?Unfortunately arpwatch is no longer under active development. Since you've reached out to me (and Axel), I assume you're interested in adding your patch specifically to the arpwatch package in Debian. I'm maintaining the package as part of the Debian Security Tools packaging team (I've added our list to CC). Based on your message, I believe what you're trying to achieve (blocking a list of IP addresses) can be done with the `-F` option that is present since Debian version 2.1a15-4. `-F` allows setting a pcap filter, which is pretty versatile way of hiding certain packages from arpwatch altogether. Please check if you can use `-F` instead of adding a patch. If you cannot use `-F`, the correct procedure is to open a wishlist bug against the arpwatch package. You can attach your patch to that bug. Thanks & regards Lukas PS: I'm traveling over the weekend, so my responses may be a bit delayed. Ivan |