From owner-freebsd-hackers@FreeBSD.ORG  Sun Feb 26 21:07:29 2012
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 00D04106564A
	for <hackers@freebsd.org>; Sun, 26 Feb 2012 21:07:29 +0000 (UTC)
	(envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
	by mx1.freebsd.org (Postfix) with ESMTP id C3C2A8FC0A
	for <hackers@freebsd.org>; Sun, 26 Feb 2012 21:07:28 +0000 (UTC)
Received: from julian-mac.elischer.org (c-67-180-24-15.hsd1.ca.comcast.net
	[67.180.24.15]) (authenticated bits=0)
	by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id q1QL7Rd1090148
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Sun, 26 Feb 2012 13:07:28 -0800 (PST)
	(envelope-from julian@freebsd.org)
Message-ID: <4F4A9F11.9050804@freebsd.org>
Date: Sun, 26 Feb 2012 13:07:29 -0800
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US;
	rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: Bob Bishop <rb@gid.co.uk>
References: <BC3D956B-FD78-4C1B-A4AA-8C33651237B2@gid.co.uk>
	<4F4A9E87.4080807@freebsd.org>
In-Reply-To: <4F4A9E87.4080807@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: hackers@freebsd.org
Subject: Re: Blackhole routes vs firewall drop rules
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Feb 2012 21:07:29 -0000

let's try that again with the right Subject: line

On 2/26/12 1:05 PM, Julian Elischer wrote:
> On 2/26/12 5:34 AM, Bob Bishop wrote:
>> Hi,
>>
>> I'd like to hear from somebody who understands this stuff on the 
>> relative merits of blackhole routes vs firewall drop rules for 
>> dealing with packets from unwanted sources. I'm particularly 
>> interested in efficiency and scalability. Thanks
>
> the key is the word "from".  routes can only be selected on 'TO' 
> (destination) where
> firewalls can select on any combination of header fields.
>
>
>
>> -- 
>> Bob Bishop
>> rb@gid.co.uk
>>
>>
>>
>>
>> _______________________________________________
>> freebsd-hackers@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to 
>> "freebsd-hackers-unsubscribe@freebsd.org"
>>
>>
>
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to 
> "freebsd-hackers-unsubscribe@freebsd.org"
>