Date:      Mon, 26 May 2008 03:44:19 +1930
From:      "Ighighi Ighighi" <ighighi@gmail.com>
To:        freebsd-pf@freebsd.org.
Subject:   blackhole in PF possible?
Message-ID:  <de5dfb5a0805250114m5f141e6ek5dcf83d916bc206f@mail.gmail.com>

blackhole(4) is hardly a feature if it applies to loopback interfaces
as well.  Its intended functionality ("to slow down anyone who is port
scanning a system", according to the manpage) also slows down internal
services because those TCP RSTs and ICMP Port Unreachables are never
seen.

Is there a way to get the same functionality in PF so I can restrict
those packets to external interfaces?

Thanks in advance,
Igh.


