From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lawrence MacIntyre
Date: Mon, 19 Jul 2004 13:03:34 +0000
Subject: Re: [LARTC] block ethernet IPv4 traffic
Message-Id: <40FBC6A6.80609@ornl.gov>
List-Id:
References: <39685.217.79.71.234.1090239494.squirrel@217.79.71.234>
In-Reply-To: <39685.217.79.71.234.1090239494.squirrel@217.79.71.234>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

This will work as long as none of the clients are clued enough to add
host routes or alias addresses.

Rene Gallati wrote:

> Anton Glinkov wrote:
>
>> On Mon, July 19, 2004 15:25, Ed Wildgoose said:
>>
>>>
>>>> the bridge thing is not possible.. the network is too big.. 300
>>>> machines..
>>>> with over 30 switches (only one of them is manageable) :(
>>>> Basically I want to deny ethertype 0800 (IPv4) packets for that LAN.
>>>> The only solution I thought of was to have a linux machine in this LAN
>>>> that has all the possible IP addresses set on its interface.
>>>>
>>>>
>>>
>>> Look, we can't help you until you explain the problem
>>>
>>> WHY is it not possible to have a bridge? This only requires two network
>>> cards?
>>
>>
>>
>> I want to block the traffic between _ANY_ 2 of the machines in the
>> network.
>
>
> How about giving them a netmask of /32 instead of /24 (or whatever you
> have) so that they only see themselves in the same network and then
> giving them a static route to the default gw (since it is outside of the
> /32).
>
> Then you can block all inter-client traffic at that single default
> gateway (or one hop "in front" of it, seen from the clients)
>
>

--
Lawrence MacIntyre 865.574.8696 lpz@ornl.gov
Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
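
The /32-plus-gateway setup suggested in the quoted reply, written out as an added example that is not part of the original thread. The addresses (192.0.2.0/24 documentation range), the interface name eth0 and the helper names `run`, `client_setup` and `gateway_setup` are assumptions; the gateway is assumed to keep its normal LAN prefix on that interface.

```shell
#!/bin/sh
# Added example. Commands are only printed unless APPLY=1 is set (needs root).

run() {
    # Print the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Client side. Usage: client_setup <client-ip> <gateway-ip> <dev>
client_setup() {
    ip_addr=$1 gw=$2 dev=$3
    # /32 address: no other host is considered on-link any more.
    run ip addr add "$ip_addr/32" dev "$dev"
    # The gateway is now outside the client's prefix, so it needs an
    # explicit on-link host route before it can be used as a next hop.
    run ip route add "$gw/32" dev "$dev"
    run ip route add default via "$gw" dev "$dev"
}

# Gateway side. Usage: gateway_setup <lan-dev>
gateway_setup() {
    dev=$1
    # Client-to-client packets arrive on the LAN interface and would be
    # forwarded back out of the same interface: drop exactly those.
    run iptables -A FORWARD -i "$dev" -o "$dev" -j DROP
    # Do not send ICMP redirects telling clients to reach each other
    # directly; both the "all" and the per-device setting must be 0.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$dev.send_redirects=0"
}

# Dry run with the constructed addresses.
client_setup 192.0.2.10 192.0.2.1 eth0
gateway_setup eth0
```

As the reply at the top of the message points out, this holds only while clients keep this configuration: a client that adds an on-link host route or an alias address in a wider prefix reaches its peers without passing the gateway.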