News: This forum is now permanently frozen.
Pages: [1]
Topic: backhole route option  (Read 4209 times)
« on: July 19, 2009, 00:50:16 »
evilpete *
Posts: 9

in /system_routes_edit.php a checkbox option for blackhole routes would be a useful option .

This will give the ability to blackhole some problem  hosts or networks in a faster and more CPU efficient  manor since the rule will be executed in the IP stack instead of firewall.

for example setting the route:

Interface             WAN         (will be ignored)
Destination network    216.240.44.0/23
Gateway              127.0.0.1      (will be ignored)
Blackhole                YES

sets the route :

       route add -net  216.240.44.0/23  127.0.0.1 -blackhole


Another UI option is to have "BlackHole" as an Interface option and all Destination networks applied to it get blackhole'd


« Reply #1 on: July 21, 2009, 05:31:13 »
cmb *****
Posts: 851

That's no more efficient (and possibly less) than blocking it with firewall rules, you aren't bypassing processing the filter by blackhole routing things, it'll run through the filter regardless of the routing table and before it hits the routing table. I'd just block it.
« Reply #2 on: July 25, 2009, 03:13:55 »
evilpete *
Posts: 9

It has been my experience that black hole routing was "cheaper"  (  but then most of my experience is with the 4.X and 5.X Kernels )
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines