blackhole in PF possible?
Xin LI
delphij at delphij.net
Sun May 25 08:49:36 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ighighi Ighighi wrote:
| blackhole(4) is hardly a feature if it applies to loopback interfaces
| as well. Its intended functionality ("to slow down anyone who is port
| scanning a system", according to the manpage) also slows down internal
| services because those TCP RST's and ICMP Port Unreachable's are never
| seen.
|
| Is there a way to get the same functionality in PF so I can restrict
| those packets to external interfaces?
|
| Thanks in advance,
skip on lo0?
- --
** Help China's quake relief at http://www.redcross.org.cn/
|>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iEYEARECAAYFAkg5KAoACgkQi+vbBBjt66ArMwCdHenJHci+folJJjVjvNcajyXl
MjYAoI38do4rJt9U5JG5R96nYd6vNqmA
=5iuk
-----END PGP SIGNATURE-----
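
An added example, not part of the original thread: a pf.conf sketch of the approach discussed above, where PF silently drops unsolicited inbound traffic on the external interface only and loopback is left unfiltered. The interface name `em0` and the allowed service list are assumptions. It also assumes the blackhole(4) sysctls are left at 0, since they act in the network stack on every interface regardless of PF rules.

```pf
# pf.conf sketch (added example; interface name and service list are assumptions)
#
# Prerequisite outside PF: keep the blackhole(4) sysctls disabled so the
# stack still answers closed ports with TCP RST / ICMP Port Unreachable
# on loopback:
#   net.inet.tcp.blackhole=0
#   net.inet.udp.blackhole=0

# --- macros ---
ext_if       = "em0"      # assumed external interface
tcp_services = "{ 22 }"   # assumed: only sshd is reachable from outside

# --- options ---
# Do not filter loopback at all. A local client that hits a closed local
# port gets an immediate RST / port unreachable from the stack instead of
# waiting for a timeout.
set skip on lo0

# Silent drop is PF's default block policy; stated explicitly here because
# it is the behaviour that replaces blackhole(4) for external scanners.
set block-policy drop

# --- filter rules ---
# Default deny, inbound, external interface only. Packets to any port not
# passed below are discarded before the stack sees them, so no RST or
# ICMP error is ever generated toward the outside.
block drop in on $ext_if all

# Explicitly allowed inbound services.
pass in on $ext_if proto tcp to ($ext_if) port $tcp_services

# Outbound traffic from this host, tracked statefully.
pass out on $ext_if all

# Interfaces other than $ext_if and lo0 match no block rule here, so
# closed ports on them keep answering normally.
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.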
More information about the freebsd-pf mailing list