I have pc based router(p4-1.5), mkt 2.9.12, 2 realtek nics, first for uplink from my isp(inet), second looks in my network(Netw).On second nic are 3 subnets(80.70.xx.xx,80.70.yy.yy,80.70.zz.zz).
Arp on interface inet is set to reply-only.I have about 530 records in arp table.Clients with correct mac address(with mac address, witch is in arp table on router) from 80.70.yy.yy and 80.70.zz.zz can access to internet, with incorrect mac no, but clients can setup any ip address 80.70.xx.xx and access to internet (in arp table may be any ip from 80.70.xx.xx with any mac address).I sent supout file to support, but didnt receive any answer 
Anybody had same problems?
just like I asked you in the mail:
you say that “the mac’s that are in the ARP table can access the internet, and mac’s that are not in the table, can not access the internet”
BUT THEN you say this:
“but clients can setup any ip address 80.70.xx.xx and access to internet”
so does arp work or not? what is the problem exactly?
my problem is:anybody in my network can setup any free ip from 80.70.xx.xx and can access to internet.free means that there are no other computer with same ip in network.But arp with 80.70.yy.yy and 80.70.zz.zz works fine…I tryed to add in arp table ip 80.70.1x.x with mac address 00:00:AA:AA:BB:BB, setup it(ip address) on my computer and i can access to internet(my comuter mac isn`t 00:00:AA:AA:BB:BB…arp is reply only
so arp mac blocking only works with specific ip subnets?
yes, arp blocking only works with specific ip subnets
normis?
not sure how one can reproduce this
You don’t have any bridge or somethin’???
no, only static routing and firewalled virus ports
Have you tried rebooting after making changes to ARP table? I’ve found this is sometimes neccesary on 2.8.
yes
normis, did you receive my mail with supout file?What do you think about my problem…