In recent kernels an option called arptables popped up. Like iptables and ipv6tables it does pretty much what the name suggests. However, I can't find any userland tools for it and this message suggests there aren't any.
After reading the code it seems resonably easy to do. Unless someone beats me to it, I might give it a shot
Since Mozilla is still being clipboard brain-dead I'm typing URLs into vim by hand. This means that I mess up some of them (since I'm too lazy to check) and, sure enough, I messed up the link to JSCH. Atsuhiko Yamanaka was kind enough to mail me and point it out. (now fixed)