On Sun, Dec 08, 2002 at 10:20:18AM -0300, Alejandro G. Belluscio wrote:
> I don't have an exact understanding of the no-route option. At least
> in the following sense: which exactly means to be non routable?

no-route is only meaningful on firewalls that have no default gateway configured. There, it means all addresses that are not reachable through a configured route (part of a network the firewall is connected to). In other words, 'no-route' means 'do a routing table lookup for that destination address, and if you can't find one, the address matches'.

If you have a default route, no address is matched by 'no-route', as any address is reachable through the default gateway. As most people will have a default route, no-route is kind of an obscure feature.

There's no relation to private address space like 10.0.0.0/8, you'll still have to filter that with $NoRouteIPs or similar, as you mentioned.

Daniel
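
The lookup described in the reply above, modelled as an added example that is not part of the original message and is not pf's own code. The two routing tables and the contents of the `$NoRouteIPs`-style list are constructed assumptions; the model only checks whether any route covers an address.

```python
import ipaddress

# Constructed routing tables (assumptions, documentation prefixes).
CONNECTED_ONLY = ["192.0.2.0/24", "198.51.100.0/24"]   # no default gateway
WITH_DEFAULT = CONNECTED_ONLY + ["0.0.0.0/0"]          # default route present

# Constructed stand-in for a $NoRouteIPs-style macro: RFC 1918 space.
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def _covered(addr, prefixes):
    """True if addr falls inside at least one of the given prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def no_route_matches(addr, routing_table):
    """'no-route' matches exactly when the routing lookup finds nothing."""
    return not _covered(addr, routing_table)


def private_list_matches(addr):
    """Explicit address-list filter, independent of the routing table."""
    return _covered(addr, PRIVATE_NETS)


def compare(addrs):
    """Per address: (addr, no-route w/o default, no-route with default, list)."""
    return [
        (
            a,
            no_route_matches(a, CONNECTED_ONLY),
            no_route_matches(a, WITH_DEFAULT),
            private_list_matches(a),
        )
        for a in addrs
    ]


if __name__ == "__main__":
    # Constructed sample addresses: connected, private, and unrelated public.
    for row in compare(["192.0.2.7", "10.1.2.3", "203.0.113.9"]):
        print(row)
```

With the default route in the table, the `no-route` column is false for every address, while the explicit list still catches 10.1.2.3.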
