diff options
Diffstat (limited to 'examples/xml/nwfilter/no-arp-spoofing.xml')
-rw-r--r-- | examples/xml/nwfilter/no-arp-spoofing.xml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/examples/xml/nwfilter/no-arp-spoofing.xml b/examples/xml/nwfilter/no-arp-spoofing.xml index c6c858dad..96c58c153 100644 --- a/examples/xml/nwfilter/no-arp-spoofing.xml +++ b/examples/xml/nwfilter/no-arp-spoofing.xml @@ -12,7 +12,11 @@ <rule action='drop' direction='out' priority='400' > <arp match='no' arpsrcipaddr='$IP' /> </rule> - <!-- drop if ipaddr or macaddr odes not belong to guest --> + <!-- allow gratuitous arp --> + <rule action='accept' direction='in' priority='425'> + <arp gratuitous='true'/> + </rule> + <!-- drop if ipaddr or macaddr does not belong to guest --> <rule action='drop' direction='in' priority='450' > <arp match='no' arpdstmacaddr='$MAC'/> <arp opcode='reply'/> |