roy wrote: > IIRC, "ip route bogon/net null0" will filter on near line-rate based on > destination addresses. > > rpf (strict/loose) on the other hand will accomplish a somewhat similar > solution as with your acl to filter packets based on source addresses > consuming less resources (assuming you have [full|known] routes to > desired destinations).
Does loose rpf indeed drop packets sourced from null routes? I know strict does for certain, and is the least intensive method of blocking packets sourced from a particular IP/subnet. Jeff _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
