Steve Langdon wrote: > Sten, thanks for helping me. > > Another question: ``route -blackhole' is the same thing like ``arp -S [IP] > 00:00:00:00:00'? So packet will ignore on router. Or not? > > -blackhole would drop any packets matching that route. That is, it drops packets coming from say the internet going to the user in question. It will not block packets coming from the user and going to the internet. This would open up for the possibility of flooding attacks from the user.
Perhaps a better solution would be to use address lists in ipfw or pf and drop all traffic to and from a particular ip address. ipfw can also filter on mac addresses, which could help a potential ip stealing issue without the hazards of using static arp. Just a thought. -- Sten Daniel Sørsdal _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
