From owner-freebsd-hackers@FreeBSD.ORG  Sun Feb 26 21:05:12 2012
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BB68E1065672
	for <hackers@freebsd.org>; Sun, 26 Feb 2012 21:05:12 +0000 (UTC)
	(envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
	by mx1.freebsd.org (Postfix) with ESMTP id 8C42F8FC0A
	for <hackers@freebsd.org>; Sun, 26 Feb 2012 21:05:12 +0000 (UTC)
Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net
	[67.180.24.15]) (authenticated bits=0)
	by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q1QL59Ov090140
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Sun, 26 Feb 2012 13:05:11 -0800 (PST)
	(envelope-from julian@freebsd.org)
Message-ID: <4F4A9E87.4080807@freebsd.org>
Date: Sun, 26 Feb 2012 13:05:11 -0800
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US;
	rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: Bob Bishop <rb@gid.co.uk>
References: <BC3D956B-FD78-4C1B-A4AA-8C33651237B2@gid.co.uk>
In-Reply-To: <BC3D956B-FD78-4C1B-A4AA-8C33651237B2@gid.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: hackers@freebsd.org
Subject: o
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2012 21:05:12 -0000

On 2/26/12 5:34 AM, Bob Bishop wrote:
> Hi,
>
> I'd like to hear from somebody who understands this stuff on the relative merits of blackhole routes vs firewall drop rules for dealing with packets from unwanted sources. I'm particularly interested in efficiency and scalability. Thanks

the key is the word "from".  routes can only be selected on 'TO' 
(destination) where
firewalls can select on any combination of header fields.



> --
> Bob Bishop
> rb@gid.co.uk
>
>
>
>
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>
>