[SunHELP] restrict outbound traffic of second interface

Dale Ghent daleg at elemental.org
Tue Jan 11 23:50:18 CST 2005


On Jan 11, 2005, at 8:56 PM, Tim Gallagher wrote:

> From looking in the archives and google it appears that a simple "route
> add"
> statement should do it, but the precise syntax eludes me. Also, what 
> is the
> best method to have it persist after reboots? ...a start script?

This is simple - just ifconfig up the interface with the correct 
netmask and leave it at that.

So this means just configuring the interface via 
/etc/hostsname.<interface> and /etc/netmasks to make only that network 
visible through that interface. The best part is that you won't have to 
add any route statements to do this.

If your backup network of 10.2.4.0 is a /24 for example, just put the 
following in /etc/netmasks:

10.2.4..0	255.255.255.0

and the only network that your machine will know how to talk to through 
that interface would be just 10.2.4.0/24, which I assume is what you 
want.

Note that if you do not include that /etc/netmasks entry, ifconfig will 
default to a /8 netmask because of the 10.0.0.0 address and will use it 
to try to talk to any address on 10.0.0.0.

/dale



More information about the SunHELP mailing list