(PM) Route Filter Question

Jason Hatch (zone@berkshire.net)
Sun, 30 Nov 1997 13:45:53 -0500 (EST)

Many moons ago, while trying to protect my network from various intrusions
(such as nfs mounts, etc), I started banging away at route filters that
protected my UNIX hosts. Originally, I applied these filters to my entire
class-c, but learned that my users' winsock apps were constantly picking
well known, but > 1023 source ports, so I decided to try to narrow my
margin.

My thinking was to apply this filter to only a subset of my class-c,
rather than entering a separate rule for each one of the machines I wanted
to protect. The IP address range of my UNIX machines really didn't fall
within the bounds of a traditional subnet, so I decided to do something
like the following:

15 deny 0.0.0.0/0 XXX.XXX.XXX.10/28 etc, etc

My thinking was that I could arbitrarily set the network number (sort of
like a VLSM) to 10 and have it match .11-.24 for all the filter rules
using the above convention. Sort of like a "start here and count up". Now
that I'm refreshing my stale knowledge of subnetting, I am beginning to
wonder if that may have been a bad choice.

I've tested it plenty of times, and it appears to match the range I've
selected. But now I'm wondering if it could somehow have an effect on
machines outside that range.

Was my thinking correct?

TIA

-Jason
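As an added worked example (not part of Jason's post, and not PortMaster code): a prefix-style filter such as "a.b.c.10/28" is evaluated by masking both the rule address and the packet address with the /28 mask and comparing the results, so the router sees the rule as the aligned block a.b.c.0/28, not as "start at .10 and count up". The script below uses 192.0.2.x (the RFC 5737 documentation range) as a constructed stand-in for the XXX.XXX.XXX octets in the post, computes the block the rule really covers, reports which hosts outside the intended .11-.24 range are caught and which intended hosts are left unprotected, and derives the exact set of prefixes that would cover .11-.24 without spilling over.

```python
import ipaddress

# Constructed stand-in for the rule in the post: XXX.XXX.XXX.10/28
RULE_PREFIX = "192.0.2.10/28"
# Hosts the post says the rule was meant to protect (.11 through .24)
INTENDED_HOSTS = [f"192.0.2.{i}" for i in range(11, 25)]


def effective_range(rule_prefix: str) -> tuple[str, str]:
    """Return (first, last) address the rule actually matches.

    strict=False makes ipaddress do what a router's longest-prefix match
    does: keep only the bits under the mask and discard the host bits the
    rule was written with.
    """
    net = ipaddress.ip_network(rule_prefix, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def filter_matches(rule_prefix: str, host: str) -> bool:
    """True if `host` would be caught by the deny rule."""
    net = ipaddress.ip_network(rule_prefix, strict=False)
    return ipaddress.ip_address(host) in net


def audit_rule(rule_prefix: str, intended_hosts: list[str]) -> tuple[list[str], list[str]]:
    """Compare what the rule matches against what it was meant to match.

    Returns (unintended, unprotected):
      unintended  - addresses in the same /24 that the rule catches but
                    that were not on the protect list (collateral denies)
      unprotected - addresses on the protect list the rule never matches
    """
    net = ipaddress.ip_network(rule_prefix, strict=False)
    intended = {ipaddress.ip_address(h) for h in intended_hosts}
    # Check every address of the surrounding class-c so spill-over into
    # neighbouring hosts is visible.
    parent = ipaddress.ip_network(f"{net.network_address}/24", strict=False)
    actual = {addr for addr in parent if addr in net}
    unintended = [str(a) for a in sorted(actual - intended)]
    unprotected = [str(a) for a in sorted(intended - actual)]
    return unintended, unprotected


def exact_prefixes(first_host: str, last_host: str) -> list[str]:
    """Minimal list of CIDR prefixes that covers exactly first..last.

    Because the intended range is not mask-aligned, several rules are
    needed; this is the set you would enter instead of a single /28.
    """
    first = ipaddress.ip_address(first_host)
    last = ipaddress.ip_address(last_host)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


if __name__ == "__main__":
    print("rule", RULE_PREFIX, "really covers", effective_range(RULE_PREFIX))
    unintended, unprotected = audit_rule(RULE_PREFIX, INTENDED_HOSTS)
    print("caught but not intended:", unintended)
    print("intended but not caught:", unprotected)
    print("prefixes covering .11-.24 exactly:", exact_prefixes("192.0.2.11", "192.0.2.24"))
```

Run against the constructed rule, the audit shows the /28 written at .10 covers .0 through .15: hosts .0-.10 are denied as collateral and .16-.24 receive no protection at all, which is the "effect on machines outside that range" the post asks about. Testing only addresses inside the intended range would not have revealed either side of that gap, so a check like audit_rule belongs in the test plan whenever a filter prefix is not mask-aligned.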
