Can ARP broadcasts be blocked?

In article , Saju wrote: :Using sunscreen, can I be able to block ARP broadcasts also on SUN :solaris machine? When an IP address is plumbed on the SUN machine, I :dont want the ARP broadcast to be sent. Any ideas?

To check: you do not want the SUN to -answer- ARP broadcasts, or you do not want the SUN to -send- ARP broadcasts?

Either way, in order to be able to communicate with the machines that you want it to be able to communicate with, you would have to enter static ARP entries for all of the other machines.

If you are going to do that, then perhaps null-routing all other addresses would work for you?

SUN should not be able to send ARP broadcasts.

And, I will not be able to add static ARP entries in all the machines in the same subnet for access control reasons.

Also, even if I null-route all other addresses, ARP broadcasts will reach the other machines. ARP broadcast when I plumb an IP address on my solaris machine do reach the other solaris machines on the same subnet (even when I have null-routing for this subnet).

Actually that is my intend. For some point of time, I want this particular solaris machine to be isolated (without taking out this machine physically). During this time, I will be doing some operations on this machine and that should not interfere with the outside world.

Example: I have SUN solaris machines A (X.Y.Z.A), B (X.Y.Z.B) and C (X.Y.Z.C) in the same subnet. machine B has the IP X.Y.Z.D (logical interface) also plumbed on it. Now, I want machine A to be isolated for sometime. I will apply Sunscreen to A so that it wont interact with either B or C. But, during this time I need to plumb the same IP X.Y.Z.D (which is already on B) on machine A also. During this time, ARP broadcast should not go out so that machine C updates its ARP cache with MAC of A. After the desired time, I will unplumb the IP X.Y.Z.D on B and remove the Sunscreen policies; Now, for the ARP caches to be updated with the MAC of A for IP X.Y.Z.D, I will DOWN and UP the corresponding interface on machine A using ifconfig. Thats basically about it. :)

Some application need to come up on this machine A which will use this IP.

If there is no ARP and no static ARP, then there will be no communication with IP.

Yours, VB.

Why not just shutting down the ethernet interface with ifconfig?

Yours, VB.

Why not setting up a virtual interface with this IP then?

Yours, VB.