What about vlans? Every machine on a separate vlan. Easy enough if you
have access to the network

On Mon, 2004-07-19 at 09:03, Lawrence MacIntyre wrote:
> This will work as long as none of the clients are clued enough to add
> host routes or alias addresses.
>
> Rene Gallati wrote:
> > Anton Glinkov wrote:
> >
> >> On Mon, July 19, 2004 15:25, Ed Wildgoose said:
> >>
> >>>> the bridge thing is not possible.. the network is too big.. 300
> >>>> machines..
> >>>> with over 30 switches (only one of them is manageable) :(
> >>>> Basically I want to deny ethertype 0800 (IPv4) packets for that LAN.
> >>>> The only solution I thought of was to have a linux machine in this LAN
> >>>> that has all the possible IP addresses set on its interface.
> >>>
> >>> Look, we can't help you until you explain the problem
> >>>
> >>> WHY is it not possible to have a bridge? This only requires two network
> >>> cards?
> >>
> >> I want to block the traffic between _ANY_ 2 of the machines in the
> >> network.
> >
> > How about giving them a netmask of /32 instead of /24 (or whatever you
> > have) so that they only see themselves in the same network and then
> > giving them a static route to the default gw (since it is outside of the
> > /32).
> >
> > Then you can block all inter-client traffic at that single default
> > gateway (or one hop "in front" of it, seen from the clients)
> >

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
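
The /32 suggestion and the host-route caveat from the thread, modelled as an added example that is not part of any poster's message: a longest-prefix route lookup on the client decides whether a packet for a neighbour goes through the filtering gateway or straight onto the shared switch. The addresses (documentation ranges), table names and function names are constructed for illustration, and the model covers one direction of delivery only.

```python
import ipaddress

# Constructed addresses from documentation ranges.
GW, CLIENT, PEER = "192.0.2.1", "192.0.2.10", "192.0.2.20"
LAN = ipaddress.ip_network("192.0.2.0/24")

# Client routing tables as (prefix, gateway); gateway None means on-link.
SHARED_24 = [("192.0.2.0/24", None), ("0.0.0.0/0", GW)]
# /32 on the interface, a host route to the gateway, default via the gateway.
ISOLATED_32 = [(CLIENT + "/32", None), (GW + "/32", None), ("0.0.0.0/0", GW)]
# Same table after the client adds its own host route to a neighbour.
WITH_HOST_ROUTE = ISOLATED_32 + [(PEER + "/32", None)]


def next_hop(routes, dst):
    """Longest-prefix match: 'on-link', a gateway address, or 'unreachable'."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return "unreachable"
    return "on-link" if best[1] is None else best[1]


def gateway_forwards(src, dst):
    """Gateway policy from the thread: drop anything forwarded LAN to LAN."""
    src_in = ipaddress.ip_address(src) in LAN
    dst_in = ipaddress.ip_address(dst) in LAN
    return not (src_in and dst_in)


def delivered(routes, src, dst):
    """True if a packet from src reaches dst (one direction only)."""
    hop = next_hop(routes, dst)
    if hop == "unreachable":
        return False
    if hop == "on-link":
        return True  # sent directly over the switch; the gateway never sees it
    return gateway_forwards(src, dst)


if __name__ == "__main__":
    tables = [("/24", SHARED_24), ("/32", ISOLATED_32), ("/32 + host route", WITH_HOST_ROUTE)]
    for name, table in tables:
        print(f"{name:18} next hop {next_hop(table, PEER):10} delivered={delivered(table, CLIENT, PEER)}")
```

The third table shows why the filter holds only while the clients keep the routes they were given: enforcement sits in each client's own routing table, whereas per-port VLANs or a bridge put it in equipment the clients do not control.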