On Tue, 2003-09-02 at 19:19, Andres Alla wrote: > On Tuesday 02 September 2003 14:33, Ronny Aasen wrote: > > [....] > > i need to filter/firewall between the 4 nic's to avoid forwarding > > rfc1918 packets to default gw, and filter access to the router itself. > > evrything else is go > > Have you tried blackhole route instead of netfilter for rfc1918 addresses? > > Something like: > # ip route add blackhole 192.168.0.0/16 > > Does anybody know why is this so seldom recommended, is there some serious > shortcomings I am not aware of?
this does sound very interesting.. i supose i can do this in zebra as a static route. as ip route 192.168.0/16 blackhole forinstance ? i am also interested in shortcomings before i implement this :) -- Ronny Aasen <[EMAIL PROTECTED]> ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
