From 4314b1e85bd5495832b4398bdbd358c41703dcc9 Mon Sep 17 00:00:00 2001
From: raja-grewal <rg_public@proton.me>
Date: Tue, 1 Jul 2025 13:36:39 +1000
Subject: [PATCH] Add comment

---
 usr/lib/sysctl.d/990-security-misc.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 9d4f3eb..eaa671e 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -477,6 +477,9 @@ net.ipv4.conf.*.arp_filter=1
 ## https://github.com/mullvad/mullvadvpn-app/pull/7141
 ## https://www.x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-Report-2024-12-10.pdf
 ##
+## Can lead to breakages with certain VM configurations that may be resolved by lowering protection to `arp_ignore=1`.
+## https://github.com/Kicksecure/security-misc/pull/290
+##
 net.ipv4.conf.*.arp_ignore=2
 
 ## Drop gratuitous ARP (Address Resolution Protocol) packets.