From 386054dc1b9da6c84595e8d27bc46c2e673cf0f5 Mon Sep 17 00:00:00 2001
From: Matthew Grotke <mgrotke@gmail.com>
Date: Wed, 3 Jun 2026 03:23:19 -0400
Subject: [PATCH] Development

---
 routlin/maintenance.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/routlin/maintenance.py b/routlin/maintenance.py
index 7a974b9..4bffc83 100644
--- a/routlin/maintenance.py
+++ b/routlin/maintenance.py
@@ -23,6 +23,7 @@ Usage:
   python3 maintenance.py --getip         Print current public IP and exit
 """
 
+import ipaddress
 import json
 import os
 import subprocess
@@ -538,7 +539,17 @@ def rotate_radius_log(radius_cfg):
 ARP_MAX_AGE_SECS = 4 * 3600
 
 
-def refresh_arp_cache():
+def refresh_arp_cache(cfg):
+    vlan_networks = []
+    for v in cfg.get('vlans', []):
+        subnet = v.get('subnet')
+        mask   = v.get('subnet_mask')
+        if subnet and mask:
+            try:
+                vlan_networks.append(ipaddress.IPv4Network(f'{subnet}/{mask}', strict=False))
+            except ValueError:
+                pass
+
     try:
         result = subprocess.run(['ip', '-stats', 'neigh'], capture_output=True, text=True, timeout=5)
         best = {}  # mac -> (used_secs, entry_dict)
@@ -548,6 +559,12 @@ def refresh_arp_cache():
                 continue
             if ':' in parts[0]:  # skip IPv6
                 continue
+            try:
+                addr = ipaddress.IPv4Address(parts[0])
+                if vlan_networks and not any(addr in n for n in vlan_networks):
+                    continue
+            except ValueError:
+                continue
             iface = parts[2] if len(parts) > 2 else ''
             if iface.startswith('br-') or iface == 'docker0':
                 continue
@@ -626,7 +643,7 @@ def main():
         run_update(cfg, force=args.force)
 
     rotate_radius_log(cfg.get("_radius", {}))
-    refresh_arp_cache()
+    refresh_arp_cache(cfg)
 
 if __name__ == "__main__":
     main()