2001-Jun-06

Started to write a bpf(4) program for my own IP filter. Then I learned that I would still need to do kernel code to work with it.

Related to this desire to drop packets, I was told about route's -blackhole option. (I had heard about using route to stop traffic, but not about RTF_BLACKHOLE, which silently discards packets during updates.)

route add -host 210.12.46.3 127.1 -blackhole
route add -net 202.85.160.0/19 127.1 -blackhole

This stopped new connections, but current connections still work. Also interesting is that netstat shows the BLACKHOLE routes and can show how many attempts ("netstat -rnvv | grep B").
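A column-aware variant of the "netstat -rnvv | grep B" check, as an added example that is not part of the original entry: it matches B only in the Flags field and prints each blackholed destination with its Use counter. It assumes the routing table has a header row naming the Destination, Flags and Use columns; the function names are hypothetical and the sample table is constructed.

```shell
#!/bin/sh
# Added example: list blackhole routes and their hit counts from
# netstat -rn style output read on stdin.
# Assumption: the table has a header row that starts with "Destination"
# and names the "Flags" and "Use" columns.
blackhole_routes() {
    awk '
        # Header row: remember which columns hold Flags and Use.
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) {
                if ($i == "Flags") f = i
                if ($i == "Use")   u = i
            }
            next
        }
        # Data row: report it only when the Flags field itself contains B,
        # so a stray "B" elsewhere on the line is not counted.
        f && u && NF >= u && index($f, "B") {
            print $1, $u
        }
    '
}

# Constructed sample table (not captured from a real host).
sample_routes() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            192.0.2.1          UGS         3     8812      -  fxp0
127.0.0.1          127.0.0.1          UH          1      104  33192  lo0
192.0.2.0/24       link#1             UC          2        0      -  fxp0
210.12.46.3        127.0.0.1          UGHSB       0       17  33192  lo0
202.85.160.0/19    127.0.0.1          UGSB        0       42  33192  lo0
EOF
}

# On a live system: netstat -rn | blackhole_routes
sample_routes | blackhole_routes
```

A Use counter that keeps climbing on a blackhole route means the blocked address is still being sent traffic from this host, which is worth logging over time.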