ARP poisoning attacks, discussed in Chapter 2, are a real threat to all entities on a wireless network, including the gateway. An ARP attack against the gateway could cut off all network connectivity to the clients. The possibility of a successful ARP attack can be reduced by setting up static ARP entries for IP addresses that we know ahead of time.
In the case of the gateway, two particular IP addresses can benefit most from static ARP: the IP of the access point and the IP of the cable modem or router.
Add two lines to the end of /etc/rc.local:
arp -Sarp -S<AP IP> <AP MAC><ROUTER IP> <ROUTER MAC>
If there are any hosts on the wired network that are going to act as servers and will not be using DHCP to get dynamic addresses, it wouldn’t hurt to create static ARP entries for them too.