NetAlertX/docs/docker-troubleshooting/arp-flux-sysctls.md
Adam Outler 8ab9d9f395 Update docs
2026-03-02 19:43:38 +00:00

ARP Flux Sysctls Not Set

Issue Description

NetAlertX detected that ARP flux protection sysctls are not set as expected:

  • net.ipv4.conf.all.arp_ignore=1
  • net.ipv4.conf.all.arp_announce=2

Security Ramifications

This is not a direct container breakout risk, but detection quality can degrade:

  • Incorrect IP/MAC associations
  • Device state flapping
  • Unreliable topology or presence data

Why You're Seeing This Issue

The running environment does not provide the expected kernel sysctl values. This is common in Docker setups where sysctls were not explicitly configured.

How to Correct the Issue

Set these sysctls at container runtime.

  • In docker-compose.yml (preferred):

    services:
      netalertx:
        sysctls:
          net.ipv4.conf.all.arp_ignore: 1
          net.ipv4.conf.all.arp_announce: 2
    
  • For docker run:

    docker run \
      --sysctl net.ipv4.conf.all.arp_ignore=1 \
      --sysctl net.ipv4.conf.all.arp_announce=2 \
      jokob-sk/netalertx:latest
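
To confirm that the values took effect, a check like the following can be run in a shell inside the container. It is an added example, not part of NetAlertX or its documentation; the function names and the optional root-directory argument (which lets the check be pointed at a constructed directory instead of /proc/sys) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the ARP flux sysctls named on this page.
# Not NetAlertX's own check; function names are hypothetical.

# Expected values, taken from the page.
EXPECTED="net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2"

# read_sysctl KEY [ROOT]
# Prints the current value of KEY; returns 1 if it cannot be read.
# ROOT defaults to /proc/sys (the optional override is an assumption
# of this example, used for testing against a constructed tree).
read_sysctl() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr '.' '/')"
    [ -r "$path" ] || return 1
    tr -d ' \t\n' < "$path"
}

# check_arp_flux_sysctls [ROOT]
# Returns 0 if every key matches, 1 if a value differs,
# 2 if a key is not readable at all.
check_arp_flux_sysctls() {
    root="${1:-/proc/sys}"
    result=0
    for pair in $EXPECTED; do
        key="${pair%%=*}"
        want="${pair#*=}"
        if ! got="$(read_sysctl "$key" "$root")"; then
            echo "MISSING  $key (expected $want)"
            result=2
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key=$got (expected $want)"
            [ "$result" -eq 2 ] || result=1
        else
            echo "OK       $key=$got"
        fi
    done
    return "$result"
}
```

Calling `check_arp_flux_sysctls` with no argument reads the live values from /proc/sys; a non-zero return means the container was started without the sysctls shown above.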
    

Additional Resources

For broader Docker Compose guidance, see: