#!/bin/sh

# Contributed by Darren Hoo <darren.hoo@gmail.com>

# If you use dnsmasq as DHCP server on a router, you may have
# met with attackers trying ARP Poison Routing (APR) on your
# local area network. This script will setup a 'permanent' entry
# in the router's ARP table upon each DHCP transaction so as to
# make the attacker's efforts less successful.

# Usage:
# edit /etc/dnsmasq.conf and specify the path of this script
# to  dhcp-script, for example:
#  dhcp-script=/usr/sbin/static-arp

# if $1 is add or old, update the static arp table entry.
# if $1 is del, then delete the entry from the table
# if $1 is init which is called by dnsmasq at startup, it's ignored

ARP=/usr/sbin/arp

# Arguments.
# $1 is action (add, del, old)
# $2 is MAC
# $3 is address
# $4 is hostname (optional, may be unset)

if [ ${1} = del ] ; then
         ${ARP} -d $3
fi

if [ ${1} = old ] || [ ${1} = add ] ; then
         ${ARP} -s $3 $2
fi