Security Gateway on Gaia OS does not send ARP Replies to the directly connected network after adding a Policy-Based Route (PBR) for that network
When the ARP Filtering feature is enabled (via 'sysctl'), the Linux OS does not reply to ARP Requests if the ARP Replies would have to be sent via an interface other than the one on which the ARP Requests were received.
- Security Gateway has an internal interface ethX and an external interface ethY.
- A Policy-Based Route (PBR) rule is added, so that all traffic coming from network x.x.x.0/24 that is directly connected behind internal interface ethX is routed to y.y.y.0/24 behind external interface ethY.
- When a host on the directly connected network x.x.x.0/24 sends an ARP Request for the Security Gateway's IP address on the ethX interface, the Security Gateway does not send ARP Replies, because based on the PBR rule, all traffic from/for that network (including ARP Replies) should be sent via ethY (an interface other than the one on which the ARP Requests were received).
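
A simplified model of the check described above, added here as an illustration (it is not Check Point or kernel code): with ARP filtering on, the kernel looks up the route back to the ARP sender, using the requested IP address as the source, and replies only if that route leaves through the receiving interface. The addresses, the `pbr` table name, rule priority 100 and its default route via ethY are constructed assumptions standing in for x.x.x.0/24 and y.y.y.0/24.

```python
import ipaddress

def lookup(tables, rules, dst, src):
    """Policy routing lookup: walk rules by priority, use the first rule whose
    source selector matches and whose table has a route to dst (longest prefix)."""
    dst, src = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for _prio, src_net, table in sorted(rules):
        if src not in ipaddress.ip_network(src_net):
            continue
        hits = [(ipaddress.ip_network(p), dev) for p, dev in tables[table]
                if dst in ipaddress.ip_network(p)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None  # no route at all

def arp_reply_sent(tables, rules, rx_dev, sender_ip, target_ip, arp_filter):
    """With arp_filter off, the route is not consulted. With it on, the reply is
    sent only if the route to the sender (source = requested IP) uses rx_dev."""
    if not arp_filter:
        return True
    return lookup(tables, rules, dst=sender_ip, src=target_ip) == rx_dev

# Constructed sample topology (documentation address ranges).
TABLES = {
    "main": [("192.0.2.0/24", "ethX"), ("198.51.100.0/24", "ethY")],
    "pbr":  [("0.0.0.0/0", "ethY")],       # assumed PBR table: everything via ethY
}
RULES_NO_PBR = [(32766, "0.0.0.0/0", "main")]
RULES_PBR = [(100, "192.0.2.0/24", "pbr")] + RULES_NO_PBR  # from internal net -> pbr
GW_IP, HOST_IP = "192.0.2.1", "192.0.2.50"  # gateway on ethX, host asking for it

if __name__ == "__main__":
    for name, rules, flt in [("no PBR, arp_filter on", RULES_NO_PBR, True),
                             ("PBR, arp_filter on", RULES_PBR, True),
                             ("PBR, arp_filter off", RULES_PBR, False)]:
        dev = lookup(TABLES, rules, HOST_IP, GW_IP)
        sent = arp_reply_sent(TABLES, rules, "ethX", HOST_IP, GW_IP, flt)
        print(f"{name}: route to sender via {dev}, ARP reply sent: {sent}")
```
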