Date: Fri, 30 May 2003 02:19:47 +0400 (MSD)
From: "."@babolo.ru
To: Paul Chvostek <paul@it.ca>
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw rules vs routes to localhost?
Message-ID: <1054246787.649875.6873.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030528045154.GA95572@mail.it.ca>

> I'm considering:
>
>   ipfw add N deny ip from a.b.c.d to any
>
> vs.
>
>   route add -host a.b.c.d localhost
>
> I need to block traffic to a number of IP addresses.  I thought I'd use
> ipfw to avoid things like UDP DNS lookups that might come in and take up
> resources while my system tried to respond, but it's been suggested on
> another list that setting routes to localhost will use less resources.
> Ideally, I'd like to be able to block a few tens of thousands of IPs.
>
> What's the scoop?

ipfw with huge list works slow.
Don't try huge route tables.
use in kernel:

pseudo-device   disc            #Discard device (ds0, ds1, etc)

and

ifconfig ds0 inet 0.0.0.1/32 (or else)
route add -host a.b.c.d 0.0.0.1

instead of localhost
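
Added example, not part of the original message: a dry-run generator that turns a blocklist into the `route add -host ... 0.0.0.1` commands described in the reply, validating and de-duplicating addresses first. The function names, the `DISCARD_GW` variable and the input format (one IPv4 address per line, `#` comments) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Prints route commands only;
# review the output before running it as root, e.g.:
#   gen_blackhole_routes < blocklist.txt | sh

# Assumption: ds0 was configured with this address, as in the message.
DISCARD_GW="${DISCARD_GW:-0.0.0.1}"

# gen_blackhole_routes (hypothetical helper): read one IPv4 address per line
# on stdin, write route commands to stdout and rejected lines to stderr.
gen_blackhole_routes() {
    awk -v gw="$DISCARD_GW" '
    {
        sub(/#.*/, "")                   # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")      # trim surrounding whitespace
        if ($0 == "") next
        n = split($0, o, ".")
        ok = (n == 4)
        # Each octet must be 0-255 with no leading zero, since some parsers
        # read "010" as octal and would route a different host.
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) ok = 0
        if (!ok) { print "rejected: " $0 > "/dev/stderr"; next }
        # Never blackhole the discard address itself or loopback; skip repeats.
        if ($0 == gw || $0 == "127.0.0.1" || seen[$0]++) next
        print "route add -host " $0 " " gw
    }'
}

# Constructed sample input (RFC 5737 documentation addresses).
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
192.0.2.10
198.51.100.7   # trailing comment
192.0.2.10
192.0.2.010
203.0.113.999
not-an-address
0.0.0.1
EOF
}
```
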