Date: Wed, 28 May 2003 00:51:54 -0400
From: Paul Chvostek
To: freebsd-net@freebsd.org
Message-ID: <20030528045154.GA95572@mail.it.ca>
Subject: ipfw rules vs routes to localhost?

I'm considering:

    ipfw add N deny ip from a.b.c.d to any

vs.

    route add -host a.b.c.d localhost

I need to block traffic to a number of IP addresses. I thought I'd use
ipfw to avoid things like UDP DNS lookups that might come in and take up
resources while my system tried to respond, but it's been suggested on
another list that setting routes to localhost will use less resources.

Ideally, I'd like to be able to block a few tens of thousands of IPs.

What's the scoop?

--
Paul Chvostek
Operations / Abuse / Whatever
it.canada, hosting and development
http://www.it.ca/