The link protection mechanism in Oracle Solaris supplies the following protection types:
Enables protection against spoofing the system's MAC address. If the link belongs to a zone, enabling mac-nospoof prevents the zone's owner from modifying that link's MAC address.
Enables protection against IP spoofing. By default, outbound packets with DHCP addresses and link local IPv6 addresses are allowed.
You can add addresses by using the allowed-ips link property. For IP addresses, the packet's source address must match an address in the allowed-ips list. For an ARP packet, the packet's sender protocol address must be in the allowed-ips list.
Enables protection against spoofing of the DHCP client. By default, DHCP packets whose ID matches the system's MAC address are allowed.
You can add allowed clients by using the allowed-dhcp-cids link property. Entries in the allowed-dhcp-cids list must be formatted as specified in the dhcpagent(1M) man page.
Restricts outgoing packets to IPv4, IPv6, and ARP. This protection type is designed to prevent the link from generating potentially harmful L2 control frames.
For fuller descriptions of these protection types, see the dladm(1M) man page.