[LARTC] block ethernet IPv4 traffic
Rene Gallati
lartc@draxinusom.ch
Mon, 19 Jul 2004 14:52:01 +0200
Anton Glinkov wrote:
> On Mon, July 19, 2004 15:25, Ed Wildgoose said:
>
>>
>>>the bridge thing is not possible.. the network is too big.. 300
>>>machines..
>>>with over 30 switches (only one of them is manageable) :(
>>>Basically I want to deny ethertype 0800 (IPv4) packets for that LAN.
>>>The only solution I thought of was to have a linux machine in this LAN
>>>that has all the possible IP addresses set on its interface.
>>>
>>>
>>
>>Look, we can't help you until you explain the problem
>>
>>WHY is it not possible to have a bridge? This only requires two network
>>cards?
>
>
> I want to block the traffic between _ANY_ 2 of the machines in the network.
How about giving them a netmask of /32 instead of /24 (or whatever you
have) so that they only see themselves in the same network and then
giving them a static route to the default gw (since it is outside of the
/32).
Then you can block all inter-client traffic at that single default
gateway (or one hop "in front" of it, seen from the clients)
-- 
C U
- -- ---- ----- -----/\/ René Gallati \/\---- ----- --- -- -
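
The /32-plus-gateway setup suggested above, as an added example that is not part of the original post: the script prints the iproute2 commands for one client and the matching drop rule for the gateway. The addresses (RFC 5737 documentation range) and the interface name eth0 are constructed, and turning off ICMP redirects on the gateway is an added assumption not mentioned in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints commands; review them,
# then pipe the output to "sh" as root on the machine they are meant for.
# Usage: ./isolate.sh client 192.0.2.10 192.0.2.1 eth0
#        ./isolate.sh gateway eth0

is_ipv4() {  # succeed only for a dotted quad whose octets are all 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

client_cmds() {  # args: CLIENT_IP GATEWAY_IP DEV
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad IPv4 address" >&2; return 1; }
    [ "$1" != "$2" ] || { echo "client and gateway must differ" >&2; return 1; }
    # /32 address: no neighbour is "on-link" any more. The gateway is also
    # outside the /32, so it needs its own host route before it can be used
    # as the default route.
    cat <<EOF
ip addr add $1/32 dev $3
ip route add $2 dev $3
ip route add default via $2 dev $3
EOF
}

gateway_cmds() {  # args: LAN_DEV
    # Client-to-client packets now arrive on and would leave by the same
    # interface, so one FORWARD rule matches all of them. Redirects are
    # disabled (in "all" and per interface, since either one enables them)
    # so the gateway does not point clients back at each other.
    cat <<EOF
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.$1.send_redirects=0
iptables -A FORWARD -i $1 -o $1 -j DROP
EOF
}

case "${1:-}" in
    client)  client_cmds "$2" "$3" "$4" ;;
    gateway) gateway_cmds "$2" ;;
esac
```

Enforcement rests on the clients keeping the /32 configuration: a host that is set back to a wider netmask can still reach its neighbours directly through the switches without passing the gateway.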