Re: [vox-tech] ipchains/firewall question
On Wed, Oct 18, 2000 at 05:42:31PM -0700, Ted Deppner wrote:
> With all due respect...
>
> I cannot fathom why you are discussing blocking 192.0.0.0/8 or 19*.*.*.*.
> This indicates a basic lack of understanding about IP routing, netmasks,
> and (drum roll) an appropriate network design.
>
> Either you are being silly (which makes for a short career in the
> firewalls field), or you really shouldn't be building firewall rulesets.
>
> As Micah mentioned the internal network space is 192.168.0.0/16 and
> should be blocked from reaching the world, or the world reaching in to
> you. Other spaces are 10.0.0.0/8 and 172.16.0.0/26.
>
> Also, rather than removing access from 19*.*.*.*, you should probably
> focus on what you will allow, with a default of deny.
Hardly necessary commentary, Ted. I'm imagining right now that
you haven't really been following this thread - he's not setting up
a router or a "real" firewall - he just doesn't want network traffic
from the rest of the school interfering with his Beowulf cluster.
Micah