Stopping IP data from travelling too far

Colin Coghill (colin@inzo.co.nz)
Mon, 26 Feb 1996 04:39:46 +1300 (NZDT)


Hi, this is a bit of an unusual request I guess, but anyway:

I'd like to stop my Linux machine from being able to communicate with
other machines more than (say) 10 "hops" away over the internet...

At a kernel level too. I don't want it to be able to be overridden by
anything short of a kernel patch/reboot (which I'd notice). All tcp, udp,
and any other type of traffic should expire before it travels that far.

I've had a look around the kernel source and changed a few MAXTTL type
entries, but to no effect. I don't really understand the technicalities of
what I want, only that I *do* want it. I remember from a while back
people having trouble with the old 30 hop maximum, so I figure that this
should be possible...

(Here in NZ, we pay volume charges for data that goes over our overseas
link. Due to the rather unpredictable layout of both domain names and
IP numbers, the only way I can easily stop people from accessing overseas
sites is something like this, since all NZ sites seem to be within 8 hops,
and most overseas ones at least 14. I can deal with letting specific
things connect further by using a proxy on another machine. )

Can anyone help?

The only alternative is for me to go firewall crazy and spend a lot of
effort keeping track of which new sites are where... :-/

I'd also like to mention that I've been running 1.3.68 quite happily for
about 48 hours now under medium load. (It's a small BBS/ISP.) All the problems
with sockets from the 1.3.6x series seem to have vanished, and NFS "feels"
faster. This is on a VLB 486 with IDE drives. smbfs, nfs, ppp. I've been
unable to get IP masquerading working, but haven't tried it before, so
that's probably just me.

Keep up the good work everyone. Linux has come a long way since I first
installed it. (0.99pl68, TAMU distribution. :-) )

- Colin
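The mechanism Colin is asking about is the IPv4 TTL field: every router decrements it and discards the packet (returning ICMP Time Exceeded) when it reaches zero, so an initial TTL of 10 can only reach hosts at most 10 hops away in traceroute numbering. The following is an added example written for this page, not code from the post or from the 1.3.x kernel source. It builds a real IPv4 header, applies the RFC 791 router step hop by hop to show which destinations a TTL-limited packet can reach, and then demonstrates the catch for the "can't be overridden" requirement: any unprivileged process can raise its own TTL per socket with `setsockopt(IP_TTL)`. The addresses are constructed (documentation ranges), and the hop limit of 10 is the value from the post.

```python
import socket
import struct

MAX_HOPS = 10  # policy value taken from the post ("say 10 hops")

# Constructed sample addresses from the RFC 5737 documentation ranges.
SRC = "192.0.2.1"
DST = "198.51.100.1"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(ttl: int, src: str, dst: str, proto: int = 17,
                      payload_len: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    if not 0 <= ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5,        # version 4, IHL 5 words
                      0,                   # TOS
                      20 + payload_len,    # total length
                      0, 0,                # identification, flags/fragment
                      ttl, proto,
                      0,                   # checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def header_ttl(hdr: bytes) -> int:
    return hdr[8]


def router_forward(hdr: bytes):
    """RFC 791 forwarding step: verify checksum, decrement TTL, recompute
    checksum. Returns None when the TTL would hit zero, i.e. the router
    drops the packet and sends ICMP Time Exceeded back to the source."""
    if ipv4_checksum(hdr) != 0:
        raise ValueError("corrupt header")
    if hdr[8] <= 1:
        return None
    new = hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:10] + b"\x00\x00" + hdr[12:]
    return new[:10] + struct.pack("!H", ipv4_checksum(new)) + new[12:]


def deliverable(initial_ttl: int, dest_hops: int) -> bool:
    """Send a packet along a path whose destination is hop number dest_hops
    (traceroute numbering: dest_hops - 1 routers, then the host, which does
    not decrement). True if the packet arrives, False if it expires."""
    hdr = build_ipv4_header(initial_ttl, SRC, DST)
    for _ in range(dest_hops - 1):
        hdr = router_forward(hdr)
        if hdr is None:
            return False
    return True


def socket_ttl(ttl: int) -> int:
    """What a per-socket limit looks like, and why it is not enforcement:
    any unprivileged process can set IP_TTL on its own socket, so a limit
    that matters has to be applied in the kernel's output path, not here."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        return s.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)


if __name__ == "__main__":
    # Distances from the post: NZ sites within 8 hops, overseas at least 14.
    for hops in (8, MAX_HOPS, MAX_HOPS + 1, 14):
        print("TTL %d, destination at hop %2d: %s"
              % (MAX_HOPS, hops, "delivered" if deliverable(MAX_HOPS, hops) else "expired"))
    print("per-socket IP_TTL after setsockopt(64):", socket_ttl(64))
```

Two caveats for anyone trying this as a policy control. First, the TTL a socket asks for is honoured by the kernel, so changing a default (on modern Linux, the `net.ipv4.ip_default_ttl` sysctl) limits only processes that never call `setsockopt(IP_TTL)`; a 1996 kernel predates netfilter, but on later kernels the override-proof place is the output path, e.g. `iptables -t mangle -A OUTPUT -j TTL --ttl-set 10`, which rewrites the field after the socket has set it. Second, hop count is not a stable security boundary: tunnels, NAT, and route changes alter the distance to a site, a TTL cap does nothing about inbound traffic that someone else originates, and a destination at exactly the cap still works, so the limit needs to sit with margin between the local and remote hop distances.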