[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: no-route.



On Sun, Dec 08, 2002 at 10:20:18AM -0300, Alejandro G. Belluscio wrote:
> I don't have an exact understanding of the no-route option. At least
> in the following sense: which exactly means to be non routable?
no-route is only meaningful on firewalls that have no default gateway
configured. There, it means all addresses that are not reachable through
a configured route (part of a network the firewall is connected to).
In other words, 'no-route' means 'do a routing table lookup for that
destination address, and if you can't find one, the address matches'.
If you have a default route, no address is matched by 'no-route', as any
address is reachable through the default gateway. As most people will
have a default route, no-route is kind of an obscure feature.
There's no relation to private address space like 10.0.0.0/8, you'll
still have to filter that with $NoRouteIPs or similar, as you mentioned.
Daniel