ipfw rules vs routes to localhost?
Paul Chvostek
paul at it.ca
Tue May 27 21:51:55 PDT 2003
I'm considering:
ipfw add N deny ip from a.b.c.d to any
vs.
route add -host a.b.c.d localhost
I need to block traffic to a number of IP addresses. I thought I'd use
ipfw to avoid things like UDP DNS lookups that might come in ant take up
resources while my system tried to respond, but it's been suggested on
another list that setting routes to localhost will use less resources.
Ideally, I'd like to be able to block a few tens of thousands of IPs.
What's the scoop?
--
Paul Chvostek <paul at it.ca>
Operations / Abuse / Whatever
it.canada, hosting and development http://www.it.ca/
More information about the freebsd-net
mailing list