How do you disable ARP discovery on an interface? How to add static ARP entries?

I didn't find anything about how to disable ARP discovery.

For static entries I found that uci for network has a neighbor section but no documentation.

I don't know how to do it with uci but if you have the ip-full package installed then you can set ip link set dev <interface> arp off and documentation for neighbor entries can ne found i.e. here https://man7.org/linux/man-pages/man8/ip-neighbour.8.html

1 Like

Thank for you for this solution. But I wish there was a way with UCI or at least with no additional packages.

You can of course try if the ip from BusyBox is complete enough.

Have you found/tested: Permanent arp entry not permanent? - #2 by mikma

Using iproute2 to block arp is too extreme (at least for me) and the settings will not survive a reboot. I would use an nftables table from the arp family to fine-tune what I need, but it requires the installation of:

0.84 KB         kmod-nft-arp
1 Like

I'm not sure if the user wants to block all arp traffic or just disable arp discovery of and on the router itself ...

To make it permanent,the user could add the command to a hook for example....

Thanks. Using the firewall seems another alternative.

I'm not sure what is extreme about disabling ARP. As far as I know the only purpose it has is to discover the MAC associated to an IP. What would be the need of it if I already add all the entries myself?

Not yet. But that is exactly the not documented side of UCI I mentioned for adding static entries.