Tag Archives: null

Alternative to null-routing in FreeBSD (using IPFW)

Instead of null-routing, you can use IPFW to block the traffic; one advantage is that you choose which ICMP unreachable code (if any) is sent back to the blocked host. My favourite is to use the “Communication prohibited by filter” response, which ipfw spells filter-prohib (ICMP type 3, code 13, “communication administratively prohibited by filtering”).

If you wanted to block 192.168.0.1 in this way, you would use:

/sbin/ipfw add 01000 unreach filter-prohib ip from 192.168.0.1 to me

You can also narrow the rule to particular traffic (replace ip with tcp or udp, add dst-port, and so on), which is where IPFW is more flexible than null-routing. Note the direction, too: the rule above answers packets arriving from 192.168.0.1, whereas a null route discards packets sent to that address.

Null Routing in FreeBSD

Ok Karl… Null routing – real easy 🙂

If you wanted to null route a single IP (192.168.0.1), you would run (as root):

/sbin/route add 192.168.0.1 127.0.0.1 -blackhole

If you wanted to null route a block of IPs (192.168.0.0/24), then use:

/sbin/route add -net 192.168.0.0/24 127.0.0.1 -blackhole

If you would rather have the kernel answer with an ICMP “Destination Host Unreachable” (and return EHOSTUNREACH to local sockets) instead of silently discarding the traffic, replace -blackhole with -reject. Either way, the route acts on packets destined for 192.168.0.1: inbound packets from that host are still received, but every reply to them is dropped, so connections from it cannot complete.
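The following script, added here as an example and not code from either post, turns a small blocklist into the two kinds of block command the posts describe: the ipfw unreach filter-prohib rules from the first post and the route -blackhole / -reject commands from the second. Each entry is syntax-checked as an IPv4 address or CIDR block, ipfw rules are numbered ten apart from a chosen starting number, and nothing is executed unless BLOCK_APPLY=1 is set (on a FreeBSD host, as root); by default the commands are printed for review. The helper names (valid_ipv4_target, ipfw_block_cmd, route_block_cmd, emit_blocklist) and the sample blocklist are invented for this example.

```shell
#!/bin/sh
# Added example, not from the original posts: generate (and optionally run)
# ipfw "unreach filter-prohib" rules and "route ... -blackhole/-reject"
# commands from a blocklist read on stdin. Helper names are hypothetical.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_ipv4_target() {
    addr=$1
    has_prefix=0
    case $1 in
        */*) has_prefix=1; addr=${1%%/*}; prefix=${1#*/} ;;
    esac
    # Cheap syntax check: digits and single dots only, no leading/trailing dot.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Walk the octets without touching IFS; each must be 0..255 and there
    # must be exactly four of them.
    rest=$addr.
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        n=$((n + 1))
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    [ "$n" -eq 4 ] || return 1
    if [ "$has_prefix" -eq 1 ]; then
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    return 0
}

# ipfw rule that answers the blocked source with ICMP type 3 code 13
# ("communication administratively prohibited by filtering").
# $1 rule number, $2 source address or CIDR, $3 optional protocol (default ip).
ipfw_block_cmd() {
    proto=${3:-ip}
    printf '/sbin/ipfw add %05d unreach filter-prohib %s from %s to me\n' \
        "$1" "$proto" "$2"
}

# route command for the null-routing post: $1 is "blackhole" (drop silently)
# or "reject" (ICMP host unreachable); $2 is the destination. A CIDR block
# needs -net, a single address does not.
route_block_cmd() {
    case $1 in
        blackhole|reject) ;;
        *) echo "route_block_cmd: mode must be blackhole or reject" >&2; return 1 ;;
    esac
    case $2 in
        */*) printf '/sbin/route add -net %s 127.0.0.1 -%s\n' "$2" "$1" ;;
        *)   printf '/sbin/route add %s 127.0.0.1 -%s\n' "$2" "$1" ;;
    esac
}

# Execute a generated command only when BLOCK_APPLY=1; otherwise print it.
run_or_print() {
    if [ "${BLOCK_APPLY:-0}" = 1 ]; then
        eval "$1"
    else
        printf '%s\n' "$1"
    fi
}

# Read "method target" lines on stdin (method is ipfw, blackhole or reject;
# '#' starts a comment). Invalid targets and unknown methods are reported on
# stderr and skipped. ipfw rules are numbered from $1 (default 1000) in steps
# of ten so later rules can be slotted in between.
emit_blocklist() {
    rule=${1:-1000}
    while read -r method target _; do
        case $method in ''|\#*) continue ;; esac
        if ! valid_ipv4_target "$target"; then
            echo "skipping invalid target: $target" >&2
            continue
        fi
        case $method in
            ipfw)
                run_or_print "$(ipfw_block_cmd "$rule" "$target")"
                rule=$((rule + 10)) ;;
            blackhole|reject)
                run_or_print "$(route_block_cmd "$method" "$target")" ;;
            *)
                echo "skipping unknown method: $method" >&2 ;;
        esac
    done
}

# Constructed sample blocklist (private addresses chosen for illustration).
emit_blocklist 1000 <<'EOF'
# method    target
ipfw        192.168.0.1
ipfw        10.0.0.0/8
blackhole   192.168.0.0/24
reject      192.168.0.2
oops        192.168.0.3
ipfw        999.1.1.1
EOF
```

Run as-is to see the four commands that would be issued (the last two sample lines are rejected on stderr); run with BLOCK_APPLY=1 as root on FreeBSD to apply them. Keep the ipfw rule numbers below any existing allow rules that should take precedence, since ipfw matches in rule-number order.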