I have an embedded Linux on a network device. Because this device is pretty important, I have to run many network tests (I have a separate device for that). These tests include flooding my device with ARP packets (normal packets, malformed packets, packets of different sizes, etc.).
I read about different xx-tables on the internet: ebtables, arptables, iptables, nftables etc. For sure I'm using iptables on my device.
- Which xx-tables is the best to filter (limit, not drop) ARP packets?
- I heard something about the /proc/config.gz file, which is supposed to have information about what is included in the kernel. I checked CONFIG_IP_NF_ARPFILTER, which is not included. So, in order to use arptables, I should have the kernel compiled with the CONFIG_IP_NF_ARPFILTER option enabled, correct? And the same goes for, for example, ebtables?
- I read that ebtables and arptables work on OSI level 2, while iptables works on OSI level 3. So I would assume that filtering anything on level 2 is better (performance?) than on level 3, correct?
- I found somewhere on this website an answer saying to use ebtables to filter ARP packets. Does ebtables have any advantage over arptables?
- EXTRA ONE. What is the best source on the internet to learn about limiting/filtering network traffic for different kinds of packets and protocols?
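
The /proc/config.gz check mentioned in the question can be scripted. The following is an added example, not part of the original post: it reads a kernel config (gzip-compressed or plain) and reports whether the arptables, ebtables and nftables options are built in (`y`), built as a module (`m`) or absent (`n`). The function names are made up for this example; the `CONFIG_*` symbols other than CONFIG_IP_NF_ARPFILTER are mainline kernel options and do not come from the post.

```shell
#!/bin/sh
# Added example: report which ARP-capable packet-filter options a kernel has.
# After sourcing this file: arp_filter_report [config-file]
# The default file is /proc/config.gz.

# Print the config text, decompressing when the file name ends in .gz.
kconfig_cat() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Print y (built in), m (module) or n (missing or "is not set") for a symbol.
# The pattern is anchored on "SYMBOL=" so CONFIG_NF_TABLES does not match
# CONFIG_NF_TABLES_ARP.
kconfig_state() {
    val=$(kconfig_cat "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    echo "${val:-n}"
}

arp_filter_report() {
    cfg=${1:-/proc/config.gz}
    if [ ! -r "$cfg" ]; then
        # /proc/config.gz only exists when CONFIG_IKCONFIG_PROC is enabled.
        echo "cannot read $cfg" >&2
        return 2
    fi
    # arptables: core + filter table; ebtables: core + arp and limit matches;
    # nftables: core + arp family.
    for sym in CONFIG_IP_NF_ARPTABLES CONFIG_IP_NF_ARPFILTER \
               CONFIG_BRIDGE_NF_EBTABLES CONFIG_BRIDGE_EBT_ARP \
               CONFIG_BRIDGE_EBT_LIMIT \
               CONFIG_NF_TABLES CONFIG_NF_TABLES_ARP; do
        printf '%-28s %s\n' "$sym" "$(kconfig_state "$cfg" "$sym")"
    done
}
```

An `m` result means the feature is available only if the matching module is also present on the device's root filesystem.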