ARP Works Regardless of Firewall Rules | Generated by AI
Question: Does ARP work between two computers on the same LAN even if one computer has all ports closed (firewall), as long as the network interface supports ARP?
Answer:
Yes, ARP works completely independently of any firewall rules, open/closed ports, or higher-layer protocols (TCP/UDP/ICMP). Here’s why:
- ARP operates at Layer 2 (Data Link layer) of the OSI model, below IP and everything handled by the operating system’s firewall.
- ARP packets are processed directly by the network interface card (NIC) driver and the kernel’s network stack before any firewall rules are applied.
- Even if a computer has a strict firewall that drops all incoming traffic (including ICMP ping), blocks all TCP/UDP ports, or even disables IP forwarding, it will still respond to ARP requests as long as:
  - The network interface is up and has an IP address configured.
  - ARP support is not explicitly disabled (which is extremely rare and usually only done manually for security testing).
- ARP requests are sent to the Ethernet broadcast address (ff:ff:ff:ff:ff:ff), so every device on the same LAN segment receives them, and the device with the requested IP will reply with its MAC address regardless of any software firewall.
In short: As long as the machine is physically connected to the LAN, has an IP address, and the interface is up, ARP will always work—no open ports or services are required.
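The exchange described above, modelled at the byte level as an added example (not part of the original answer): it builds the broadcast ARP request, parses it, and produces the reply. The frame carries EtherType 0x0806 with no IP header and no TCP/UDP port fields, so a port-based rule has nothing to match. The MAC and IP addresses are constructed sample values, and `build_arp`, `parse_arp` and `answer` are names chosen for this illustration.

```python
import socket
import struct

ETH_BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806  # ARP rides directly on Ethernet; IPv4 would be 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def build_arp(oper, eth_dst, sha, spa, tha, tpa):
    """Return a raw Ethernet frame carrying an ARP request or reply."""
    eth = struct.pack("!6s6sH", eth_dst, sha, ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                      socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return eth + arp


def parse_arp(frame):
    """Parse an Ethernet frame; return the ARP fields, or None if not ARP."""
    if len(frame) < 14 + struct.calcsize(ARP_FMT):
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None  # e.g. an IPv4 frame: a different protocol entirely
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled here
    return {"eth_dst": dst, "oper": oper, "sha": sha, "tha": tha,
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}


def answer(frame, my_mac, my_ip):
    """Model the responder: reply only when the request asks for our own IP."""
    req = parse_arp(frame)
    if req is None or req["oper"] != ARP_REQUEST or req["tpa"] != my_ip:
        return None
    return build_arp(ARP_REPLY, req["sha"], my_mac, my_ip, req["sha"], req["spa"])


# Constructed sample hosts (locally administered MACs, private addresses).
HOST_A = (bytes.fromhex("020000000001"), "192.168.1.10")
HOST_B = (bytes.fromhex("020000000002"), "192.168.1.20")
REQUEST = build_arp(ARP_REQUEST, ETH_BROADCAST, HOST_A[0], HOST_A[1],
                    bytes(6), HOST_B[1])
REPLY = answer(REQUEST, *HOST_B)

if __name__ == "__main__":
    print(parse_arp(REQUEST))
    print(parse_arp(REPLY))
```

For asset inventory this means a host that drops ping and every TCP/UDP probe still appears in its neighbours' ARP tables.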