Date: Sun, 21 Nov 2004 10:46:41 +0100 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Francisco Reyes <lists@natserv.com> Cc: FreeBSD Security List <freebsd-security@freebsd.org> Subject: Re: Importing into rc.firewal rules Message-ID: <20464.1101030401@critter.freebsd.dk> In-Reply-To: Your message of "Sat, 20 Nov 2004 21:09:38 EST." <20041120210256.K27307@zoraida.natserv.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20041120210256.K27307@zoraida.natserv.net>, Francisco Reyes writes: >On Sat, 20 Nov 2004, Poul-Henning Kamp wrote: > >> If the list is long it may be almost as good, if not better, to use >> blackhole routes for it. > >I was not familiar with the term. Looking in Google came up with a link. >However in that link they recommend against that method. > >http://tinyurl.com/5r5cl > >Also any link on how to implement it? route add -host $IP 127.0.0.1 -blackhole >What would be the advantage of that route vs ipfw? It's faster because the route table uses a tree for lookup whereas the firewall is sequential. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20464.1101030401>