Date: Sun, 25 May 2008 01:49:15 -0700
From: Xin LI <delphij@delphij.net>
To: Ighighi Ighighi <ighighi@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: blackhole in PF possible?
Message-ID: <4839280B.3000704@delphij.net>
In-Reply-To: <de5dfb5a0805250114m5f141e6ek5dcf83d916bc206f@mail.gmail.com>
References: <de5dfb5a0805250114m5f141e6ek5dcf83d916bc206f@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ighighi Ighighi wrote:
| blackhole(4) is hardly a feature if it applies to loopback interfaces
| as well. Its intended functionality
| ("to slow down anyone who is port scanning a system", according to the
| manpage) also slows down
| internal services because those TCP RST's and ICMP Port Unreachable's
| are never seen.
|
| Is there a way to get the same functionality in PF so I can restrict
| those packets to external interfaces ?
|
| Thanks in advance,

skip on lo0?

- --
** Help China's quake relief at http://www.redcross.org.cn/ |>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Xin LI <delphij@delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEARECAAYFAkg5KAoACgkQi+vbBBjt66ArMwCdHenJHci+folJJjVjvNcajyXl
MjYAoI38do4rJt9U5JG5R96nYd6vNqmA
=5iuk
-----END PGP SIGNATURE-----
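
One way to get the behaviour asked about above, shown as an added pf.conf example that is not part of either message: silent drops on the external interface only, with loopback left out of filtering. The interface name em0 and the allowed SSH port are assumptions, and it presumes the blackhole(4) sysctls are turned off so the stack answers normally wherever PF does not drop.

```conf
# /etc/pf.conf -- added illustration, not taken from the thread.
# Presumes blackhole(4) is disabled in /etc/sysctl.conf, since those
# sysctls affect every interface, loopback included:
#   net.inet.tcp.blackhole=0
#   net.inet.udp.blackhole=0

# Assumption: em0 is the external interface.
ext_if = "em0"

# PF does not filter loopback at all, so a closed local port still
# answers with a TCP RST or an ICMP port unreachable and internal
# services fail fast instead of waiting for a timeout.
set skip on lo0

# Unsolicited inbound traffic on the external interface is discarded
# silently: no RST, no ICMP unreachable. This is the blackhole-style
# behaviour, limited to one interface.
block drop in on $ext_if all

# Outbound connections create state, so their replies are matched by
# the state table before the block rule above is evaluated.
pass out on $ext_if all keep state

# Assumption: SSH is the only service offered to the outside.
pass in on $ext_if proto tcp from any to any port 22 keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.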