
Re: pf.conf: broadcast and network address filtering + "no-route" key word



Daniel Hartmeier <daniel_(_at_)_benzedrine_(_dot_)_cx> writes:

> "not routable" in this context means that the firewall itself has no
> appropriate routing table entry for that destination. In other words, all
> addresses for which you'd get a 'no route to host' error when you'd try
> to ping it. If you have a default gateway, no address is unroutable.

This sounds immensely useful for a defaultless BGP router, where it
would make sense to say:

    block in log quick from no-route to any

I'll try that if ever one of my firewalls needs to talk BGP!  :-)

-- 

Arvid
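
The "no-route" test described in the quoted text, as an added example that is not part of either message and is not pf's own code: a simplified Python model of the routing-table check, showing why the rule only bites on a defaultless router. The prefixes and source addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

def build_table(prefixes):
    """Turn prefix strings into network objects (a stand-in for the routing table)."""
    return [ipaddress.ip_network(p) for p in prefixes]

def is_no_route(addr, table):
    """True when no routing table entry covers addr, i.e. the case where
    the firewall itself would report 'no route to host' for that address."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in table if net.version == ip.version)

def classify(sources, table):
    """Model of 'block in log quick from no-route to any': a source address
    with no covering route is blocked, anything else falls to later rules."""
    return {s: ("block" if is_no_route(s, table) else "next-rule") for s in sources}

# Constructed sample: a defaultless table, as on a router carrying only learned prefixes.
DEFAULTLESS = build_table(["192.0.2.0/24", "198.51.100.0/24", "10.0.0.0/8"])

# Constructed sample: the same idea with a default route present.
WITH_DEFAULT = build_table(["192.0.2.0/24", "0.0.0.0/0"])

# Constructed sample source addresses.
SOURCES = ["192.0.2.10", "10.20.30.40", "203.0.113.7", "172.16.5.5"]

if __name__ == "__main__":
    for name, table in (("defaultless", DEFAULTLESS), ("with default", WITH_DEFAULT)):
        print(name)
        for src, verdict in classify(SOURCES, table).items():
            print(f"  {src:15} {verdict}")
```

With the default route in the table every source has a covering entry, so the rule never matches, which is the point made in the quoted explanation.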


