blackhole in PF possible?
Ighighi Ighighi
ighighi at gmail.com
Sun May 25 08:39:54 UTC 2008
blackhole(4) is hardly a feature if it applies to loopback interfaces as well. Its intended functionality ("to slow down anyone who is port scanning a system", according to the manpage) also slows down internal services because those TCP RSTs and ICMP Port Unreachables are never seen.
Is there a way to get the same functionality in PF so I can restrict those packets to external interfaces?
Thanks in advance,
Igh.