From owner-freebsd-pf@FreeBSD.ORG  Sun May 25 14:07:32 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ECE60106566C
	for <freebsd-pf@freebsd.org>; Sun, 25 May 2008 14:07:32 +0000 (UTC)
	(envelope-from peter@bsdly.net)
Received: from skapet.bsdly.net (cl-426.sto-01.se.sixxs.net
	[IPv6:2001:16d8:ff00:1a9::2])
	by mx1.freebsd.org (Postfix) with ESMTP id A440E8FC18
	for <freebsd-pf@freebsd.org>; Sun, 25 May 2008 14:07:32 +0000 (UTC)
	(envelope-from peter@bsdly.net)
Received: from thingy.bsdly.net
	([10.168.103.11] helo=thingy.bsdly.net.bsdly.net ident=peter)
	by skapet.bsdly.net with esmtp (Exim 4.69)
	(envelope-from <peter@bsdly.net>) id 1K0Gsl-0006nU-8w
	for freebsd-pf@freebsd.org; Sun, 25 May 2008 16:07:31 +0200
To: freebsd-pf@freebsd.org
References: <de5dfb5a0805250114m5f141e6ek5dcf83d916bc206f@mail.gmail.com>
From: peter@bsdly.net (Peter N. M. Hansteen)
Date: Sun, 25 May 2008 16:07:29 +0200
In-Reply-To: <de5dfb5a0805250114m5f141e6ek5dcf83d916bc206f@mail.gmail.com>
	(Ighighi Ighighi's message of "Mon, 26 May 2008 03:44:19 +1930")
Message-ID: <87r6bqqxy6.fsf@thingy.bsdly.net>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: blackhole in PF possible?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 25 May 2008 14:07:33 -0000

"Ighighi Ighighi" <ighighi@gmail.com> writes:

> Is there a way to get the same functionality in PF so I can restrict
> those packets to external interfaces ?

block drop in all on $ext_ifs or something like that would have some
of the desired effect.  not sure how much it actually buys you, but
it's quite similar to blackhole.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.