i'm writing some ipchains rules for our cluster. since a mistake would mean
bringing the cluster down to a halt and interrupting programs that have been
running for weeks, i just want to make sure everything is ok before i
implement it. can't have too many eyes.
here's topology:
ext network ----> 169.237.44.88 (eth0)        int network
                  wulfgar                     192.168.0.1
                  192.168.0.100 (eth1) -----> 192.168.0.2
                                              192.168.0.3
                                              ...
if i wanted to restrict 192.*.*.* from entering the internal network (all
protocols, all ports), what i think is correct is:
    ipchains -A input -s 192.0.0.0/255.0.0.0 -i eth0 -j DENY
i think this is right, but the consequences of it being wrong are pretty
harsh. anyone see anything wrong?
when you have an ip address like 192.0.0.0, does that automatically imply a
netmask of 255.0.0.0? (i was wondering about this for the tcp wrappers as
well).
thanks!
pete
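
An added example, not part of the original post: a Python sketch of how the address/mask pair in the rule above selects source addresses, and of what mask the old class A/B/C convention would assign to 192.0.0.0. The sample packets and the helper names (rule_matches, classful_mask, evaluate) are constructed for illustration; it models only the -s and -i tests, not ipchains itself.

```python
import ipaddress

# The rule from the post: ipchains -A input -s 192.0.0.0/255.0.0.0 -i eth0 -j DENY
RULE_NET = ipaddress.ip_network("192.0.0.0/255.0.0.0")
RULE_IFACE = "eth0"


def rule_matches(src, iface, net=RULE_NET, rule_iface=RULE_IFACE):
    """True if a packet with this source, arriving on iface, hits the DENY rule."""
    return iface == rule_iface and ipaddress.ip_address(src) in net


def classful_mask(addr):
    """Default mask under the old class A/B/C convention, from the first octet."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return "255.0.0.0"        # class A
    if first < 192:
        return "255.255.0.0"      # class B
    if first < 224:
        return "255.255.255.0"    # class C
    raise ValueError("class D/E addresses have no default network mask")


# Constructed sample packets: (source address, arriving interface)
SAMPLES = [
    ("192.168.0.2", "eth0"),   # internal address showing up on the external side
    ("192.0.2.10", "eth0"),    # outside 192.168.0.x, still inside 192.0.0.0/8
    ("169.237.44.1", "eth0"),  # ordinary external source
    ("192.168.0.2", "eth1"),   # genuine internal node on the internal interface
]


def evaluate(samples=SAMPLES):
    """Return (source, interface, verdict) for each sample packet."""
    return [(s, i, "DENY" if rule_matches(s, i) else "next rule")
            for s, i in samples]


if __name__ == "__main__":
    for src, iface, verdict in evaluate():
        print(f"{src:15} {iface}  {verdict}")
    print("classful default for 192.0.0.0:", classful_mask("192.0.0.0"))
    # A mask that covers only the cluster's own range, for comparison
    narrow = ipaddress.ip_network("192.168.0.0/255.255.255.0")
    print("192.0.2.10 vs 192.168.0.0/24:", rule_matches("192.0.2.10", "eth0", narrow))
```

The written-out mask is what decides the match: 255.0.0.0 covers every 192.x.x.x source, while the classful default for an address starting with 192 would be 255.255.255.0.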