Re: block ethernet IPv4 traffic

Linux Advanced Routing and Traffic Control

What about VLANs?  Every machine on a separate VLAN.  Easy enough if you
have access to the network.

On Mon, 2004-07-19 at 09:03, Lawrence MacIntyre wrote:
> This will work as long as none of the clients are clued enough to add 
> host routes or alias addresses.
> 
> Rene Gallati wrote:
> > Anton Glinkov wrote:
> > 
> >> On Mon, July 19, 2004 15:25, Ed Wildgoose said:
> >>
> >>>
> >>>> the bridge thing is not possible.. the network is too big.. 300
> >>>> machines..
> >>>> with over 30 switches (only one of them is manageable) :(
> >>>> Basically I want to deny ethertype 0800 (IPv4) packets for that LAN.
> >>>> The only solution I thought of was to have a linux machine in this LAN
> >>>> that has all the possible IP addresses set on its interface.
> >>>>
> >>>>
> >>>
> >>> Look, we can't help you until you explain the problem
> >>>
> >>> WHY is it not possible to have a bridge?  This only requires two network
> >>> cards?
> >>
> >>
> >>
> >> I want to block the traffic between _ANY_ 2 of the machines in the 
> >> network.
> > 
> > 
> > How about giving them a netmask of /32 instead of /24 (or whatever you 
> > have) so that they only see themselves in the same network and then 
> > giving them a static route to the default gw (since it is outside of the 
> > /32).
> > 
> > Then you can block all inter-client traffic at that single default 
> > gateway (or one hop "in front" of it, seen from the clients)
> > 
> > 

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
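
The /32-netmask approach quoted in this thread, written out as commands. This is an added example, not part of any poster's message; the addresses (documentation range 192.0.2.0/24), the interface name `eth0` and the `run` dry-run helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses and interface names are
# constructed; 192.0.2.0/24 is a documentation range.
GW=192.0.2.1          # assumed default gateway address
LAN_IF=eth0           # assumed LAN-facing interface name (client and gateway)
LAN_NET=192.0.2.0/24  # assumed client address range

# Print each command by default; execute only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Client side: a /32 address creates no on-link subnet route, so the
# gateway needs an explicit host route and every peer goes via the gateway.
client_setup() {
    run ip addr add "$1/32" dev "$LAN_IF"
    run ip route add "$GW/32" dev "$LAN_IF"
    run ip route add default via "$GW" dev "$LAN_IF"
}

# Gateway side: client-to-client packets now enter and would leave on the
# same interface, so drop exactly that case. ICMP redirects are disabled so
# the gateway does not tell clients to reach each other directly.
gateway_setup() {
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$LAN_IF.send_redirects=0"
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" \
        -s "$LAN_NET" -d "$LAN_NET" -j DROP
}

client_setup "${1:-192.0.2.10}"
gateway_setup
```

The filter only sees packets that clients choose to send to the gateway, which is the limitation raised in the thread about host routes and alias addresses; per-port VLANs enforce the separation in the switches instead.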
