Re: Importing into rc.firewal rules
From: Poul-Henning Kamp (phk_at_phk.freebsd.dk)
To: Francisco Reyes <firstname.lastname@example.org> Date: Sun, 21 Nov 2004 10:46:41 +0100
In message <20041120210256.K27307@zoraida.natserv.net>, Francisco Reyes writes:
>On Sat, 20 Nov 2004, Poul-Henning Kamp wrote:
>> If the list is long it may be almost as good, if not better, to use
>> blackhole routes for it.
>I was not familiar with the term. Looking in Google came up with a link.
>However in that link they recommend against that method.
>Also any link on how to implement it?
route add -host $IP 127.0.0.1 -blackhole
>What would be the advantage of that route vs ipfw?
It's faster because the route table uses a tree for lookup whereas the
firewall is sequential.
-- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "firstname.lastname@example.org"