On Sun, May 25, 2008 at 9:14 AM, Ighighi Ighighi <[EMAIL PROTECTED]> wrote:
> blackhole(4) is hardly a feature if it applies to loopback interfaces
> as well.  Its intended functionality ("to slow down anyone who is port
> scanning a system", according to the manpage) also slows down internal
> services because those TCP RSTs and ICMP Port Unreachables are never
> seen.
>
> Is there a way to get the same functionality in PF so I can restrict
> those packets to external interfaces?

Have a look at "set block-policy" and "block return" in the man page
for pf.conf.

/JMS
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
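
A pf.conf sketch of the approach suggested in the reply, added here as an example and not part of the original message. The interface name em0 and the port list are assumptions; with the blackhole(4) sysctls left at 0, loopback clients still get their RSTs and ICMP unreachables from the stack, while unsolicited traffic on the external interface is dropped silently.

```conf
# Added example, not from the original thread.
# Assumptions: em0 is the external interface, only SSH is offered externally.
ext_if = "em0"
tcp_services = "{ 22 }"

# Policy for block rules that name no action. pf's built-in default is
# "drop"; "return" makes such rules answer with TCP RST or ICMP unreachable.
set block-policy return

# Do not filter loopback at all. Closed ports on lo0 are answered by the
# stack itself, which requires net.inet.tcp.blackhole=0 and
# net.inet.udp.blackhole=0 (the blackhole(4) sysctls switched off).
set skip on lo0

# External interface only: silently discard anything not passed below.
# The explicit "drop" overrides the global block-policy for this rule.
block drop in on $ext_if all

# Services that should be reachable from outside (last matching rule wins).
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services

# Outbound traffic is allowed; replies are matched by state.
pass out all
```

After loading the ruleset with `pfctl -f /etc/pf.conf`, `pfctl -sr` shows the rules as pf parsed them.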
