FreeBSD does have a -blackhole option to route, I believe; we don't
support it, however.  Feel free to submit patches for whatever you come
up with.

--Bill

On 1/27/07, Wade Blackwell <[EMAIL PROTECTED]> wrote:
Hey guys, good morning,
      So I don't know how the rules might be subverted, but since there is
always that chance I would like to have the option of putting yet another
roadblock up. This technique is used a lot in large organizations; it
usually is done in a much fancier way, with netflow/Sflow and heuristics. I
am taking a more simple approach, I just want to take a blacklist, route all
the addresses on that blacklist to /dev/null in case my Dansguardian
solution is subverted. I am blocking all outbound http/https connections and
forcing the users through a proxy solution.
     Bill, I tried routing to loopback but it just adds an extra hop in the
path (not what I expected). So I am sure that I could add an 8,000 line
route add to the rc.local script; I was just wondering if there is a more
elegant way to do that.  Thanks.

     Wade B


On 1/27/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
>
> On 1/26/07, Wade Blackwell <[EMAIL PROTECTED]> wrote:
> > Good afternoon all,
> >       Can PF support blackholing by routing to /dev/null? It doesn't
> > look like the web configurator will let me do that magic, how would one
> > go about adding and deleting routes for that purpose?
>
> Add a static route (System->Static Routes I think) to 127.0.0.1.  That
> should drop it.
>
> --Bill
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



--
Wade Blackwell
253-205-7639
253-288-3750 (fax)
"Integrity is more important than perception management"
"There are two kinds of pain, the pain of change and the pain of never
changing"
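
As an added example (not from the thread and not pfSense code): one way to avoid a hand-written 8,000-line rc.local is to generate the FreeBSD `route ... -blackhole` commands from the blacklist itself, validating and de-duplicating entries first. It assumes FreeBSD route(8) syntax; the function names and the sample blacklist are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pfSense code. Assumes FreeBSD route(8) and its -blackhole
# modifier; commands are only printed, never executed.
# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Octets with leading zeros are rejected as ambiguous.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# blackhole_cmds [add|delete]: read a blacklist on stdin (one IPv4 address or
# address/prefix per line, '#' comments allowed) and print one route command
# per unique valid entry. Invalid entries are reported on stderr and skipped.
blackhole_cmds() {
    action=${1:-add}
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | LC_ALL=C sort -u |
    while IFS= read -r entry; do
        addr=${entry%%/*}; len=32; kind=-host
        case "$entry" in */*) len=${entry#*/}; kind=-net ;; esac
        case "$len" in ''|*[!0-9]*|???*) len=99 ;; esac
        if ! valid_ipv4 "$addr" || [ "$len" -gt 32 ]; then
            echo "skipping invalid entry: $entry" >&2
            continue
        fi
        if [ "$action" = delete ]; then
            echo "route -n delete $kind $entry"
        else
            echo "route -n add $kind $entry 127.0.0.1 -blackhole"
        fi
    done
}

# Constructed sample blacklist (documentation address ranges only).
sample_blacklist() {
    cat <<'EOF'
192.0.2.10
198.51.100.0/24   # whole network
192.0.2.10
203.0.113.999
198.51.100.0/33
not-an-ip
EOF
}

sample_blacklist | blackhole_cmds add
```

Once the printed commands have been reviewed, the same function can be fed the real blacklist file and its output piped to `sh` at boot; running it with `delete` produces the matching removals.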
