New hack: MULTI-NIC-ARP-LOCK

include/functions

@@ -138,7 +138,17 @@ function apply_ipv4_hack {
 			else
 				display_c RED "\nError: could not load $MOD_U32 module into the kernel.  Not using fix."
 			fi
-		;;	
+		;;
+		MULTI-NIC-ARP-LOCK)
+			# MULTI-NIC-ARP-LOCK - By default, in Linux, arp requests may be answered by interfaces that
+			#						do not actually have the IP in question.  In some (alot in my case),
+			#						I have things going through specific wires for a reason.  This fixes
+			#						that and makes it behave as expected.
+			for i in default all; do
+				echo "1" > /proc/sys/net/ipv4/conf/$i/arp_ignore
+				echo "2" > /proc/sys/net/ipv4/conf/$i/arp_announce
+			done
+		;;
 		esac
 		shift
 	done

options.default

@@ -62,8 +62,13 @@ IPv4_MARK=$BASEDIR/ipv4-marks
 
 # Hacks to either block specific kinds of attacks or fix problems
 #
-# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
+# NS-IN-DDOS - 			Block DNS DDoS using NS/IN spoof, see:
 # http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
+# 
+# MULTI-NIC-ARP-LOCK -	By default, in Linux, arp requests may be answered by interfaces that
+#						do not actually have the IP in question.  In some (alot in my case),
+#						I have things going through specific wires for a reason.  This fixes
+#						that and makes it behave as expected.
 #
 HACK_IPV4="NS-IN-DDOS"