From f44ff9304eda86f94ab0458b4016136a72b973c3 Mon Sep 17 00:00:00 2001
From: toby
Date: Sat, 9 Mar 2019 12:05:45 -0800
Subject: [PATCH] disabling arp on the vm interface all together. we have the static entries from the unnumbered system, reduces the attack surface and DOS potentially on the hypervisor
---
 files/qemu-ifup-public | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/qemu-ifup-public b/files/qemu-ifup-public
index 8b1b7b4..0912549 100755
--- a/files/qemu-ifup-public
+++ b/files/qemu-ifup-public
@@ -41,7 +41,7 @@ gwmac() {
 ip link set ${IFACE} address $(gwmac $PUBLICMAC) up
 arp -i ${IFACE} -s 169.254.0.1 ${PUBLICMAC}
-
+sysctl -w net.ipv4.conf.${IFACE/./\/}.arp_ignore=8
 IFS=',' read -ra IPS <<< "$IP"
 for IP in "${IPS[@]}"; do
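Review bot: The added `sysctl -w` line is a hardening step whose result is never checked, so if the key is missing or the write is refused the script carries on and the guest interface comes up with ARP replies still enabled (unless `set -e` is in effect above the hunk, which is not visible here). The expansion is also unquoted and `${IFACE/./\/}` rewrites only the first dot in the interface name; I would write `sysctl -w "net.ipv4.conf.${IFACE//./\/}.arp_ignore=8" || exit 1` so that a failed write stops the interface setup instead of failing open. A one-line comment would help the next reader, for example `# arp_ignore=8: never answer ARP requests on this interface; the static entry above covers the guest`. Note that `arp_ignore` only suppresses replies to incoming requests, so the subject line's "disabling arp all together" is broader than what this line does; if the intent really is no ARP at all on the interface, that should be confirmed and stated. The `for` loop that follows continues outside the hunk.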