Re: Importing into rc.firewal rules

• Previous message: Andrew Konstantinov: "Re: Importing into rc.firewal rules"
• In reply to: Francisco Reyes: "Re: Importing into rc.firewal rules"
• Next in thread: Matthew Seaman: "Re: Importing into rc.firewal rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Francisco Reyes <lists@natserv.com>
Date: Sun, 21 Nov 2004 10:46:41 +0100

In message <20041120210256.K27307@zoraida.natserv.net>, Francisco Reyes writes:
>On Sat, 20 Nov 2004, Poul-Henning Kamp wrote:
>
>> If the list is long it may be almost as good, if not better, to use
>> blackhole routes for it.
>
>I was not familiar with the term. Looking in Google came up with a link.
>However in that link they recommend against that method.
>
>http://tinyurl.com/5r5cl
>
>Also any link on how to implement it?

        route add -host $IP 127.0.0.1 -blackhole

>What would be the advantage of that route vs ipfw?

It's faster because the route table uses a tree for lookup whereas the
firewall is sequential.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Andrew Konstantinov: "Re: Importing into rc.firewal rules"
• In reply to: Francisco Reyes: "Re: Importing into rc.firewal rules"
• Next in thread: Matthew Seaman: "Re: Importing into rc.firewal rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]