Re: ipfw rules vs routes to localhost?
_at_babolo.ru
Date: 05/30/03
- Previous message: Sreekanth: "RE: gratuitous ARP with em interface."
- In reply to: Paul Chvostek: "ipfw rules vs routes to localhost?"
- Next in thread: Neelkanth Natu: "Re: ipfw rules vs routes to localhost?"
- Reply: Neelkanth Natu: "Re: ipfw rules vs routes to localhost?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Paul Chvostek <paul@it.ca>
Date: Fri, 30 May 2003 02:19:47 +0400 (MSD)
> I'm considering:
>
> ipfw add N deny ip from a.b.c.d to any
>
> vs.
>
> route add -host a.b.c.d localhost
>
> I need to block traffic to a number of IP addresses. I thought I'd use
> ipfw to avoid things like UDP DNS lookups that might come in and take up
> resources while my system tried to respond, but it's been suggested on
> another list that setting routes to localhost will use less resources.
> Ideally, I'd like to be able to block a few tens of thousands of IPs.
>
> What's the scoop?

ipfw with a huge list works slowly.
Don't try huge route tables.
Use in the kernel:

    pseudo-device disc #Discard device (ds0, ds1, etc)

and

    ifconfig ds0 inet 0.0.0.1/32 (or else)
    route add -host a.b.c.d 0.0.0.1

instead of localhost.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
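
Added example, not part of the original message: a sketch of turning a blocklist file into the "route add -host ... 0.0.0.1" commands from the reply above, rejecting malformed entries and duplicates before anything reaches the routing table. The names gen_blackhole_routes, sample_blocklist and DISC_ADDR are assumptions, the sample addresses are constructed from documentation ranges, and the script only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Address assigned to the discard interface (ds0) in the message above.
DISC_ADDR="${DISC_ADDR:-0.0.0.1}"

# Read one IPv4 address per line on stdin and print one route command per
# valid, unique address. "#" comments and blank lines are ignored; malformed
# entries are reported on stderr and never emitted.
gen_blackhole_routes() {
    awk -v gw="$DISC_ADDR" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            n = split($0, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++) {
                # Digits only, at most 255, and no leading zero: some tools
                # read "010" as octal, so such entries are ambiguous.
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3) ok = 0
                else if (o[i] ~ /^0[0-9]/ || o[i] + 0 > 255) ok = 0
            }
            if (!ok) { print "skipped invalid entry: " $0 > "/dev/stderr"; next }
            # Never route the discard address to itself; drop duplicates.
            if ($0 == gw || seen[$0]++) next
            print "route add -host " $0 " " gw
        }'
}

# Constructed sample blocklist (documentation address ranges only).
sample_blocklist() {
    cat <<'EOF'
# constructed sample data
192.0.2.10
198.51.100.7   # inline comment
192.0.2.10
203.0.113.300
192.0.2.010
not-an-ip
0.0.0.1
203.0.113.5
EOF
}

# Dry run: print the commands for review.
sample_blocklist | gen_blackhole_routes
```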