> First thing--I don't know why you are seeing this error from 'ip
> route get'. This should return the real route chosen. You could
> always try the ping and then check the route cache. This should
> help you identify the actual route chosen.
>
> Here's what's happening.
>
> - kernel gets packet and needs to select a route
> - according to rule 0, we look up in table local
> - perform route lookup in table local--no match!
> - according to rule 50, we look up in table bluff
> - perform route lookup in table local--no match!
> - according to rule 32767, we look up in table main
> - perform route lookup in table main-- MATCH!
> - route packet out default gateway
>
> If you add a route to table bluff as follows, you should effectively
> prevent 192.168.5.0/24 from reaching any network other than
> 192.168.5.0/24.
>
> ip route add blackhole default table bluff

Thanks a lot for the explanation. This definitely solved my doubts.

The only remaining problem is the 'ip route get' error. I'm sure that at
some moments yesterday I could get an answer; now it always gives errors,
independent of the rule set...

sandro
*:-)

--
Sandro Dentella *:-)
e-mail: sandro@xxxxxxxx
http://www.tksql.org TkSQL Home page - My GPL work

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
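
The rule walk described in the quoted reply, modelled as an added example that is not part of the original thread: rules are tried in priority order, each selected table gets a longest-prefix lookup, and the first matching route (a blackhole included) ends the walk. The rule 50 selector, the contents of every table, the device names and the gateway address are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data. Rule priorities and table names follow the thread;
# selectors, addresses, devices and the gateway are assumptions.
RULES = [(0, "0.0.0.0/0", "local"),
         (50, "192.168.5.0/24", "bluff"),      # assumed selector: from 192.168.5.0/24
         (32767, "0.0.0.0/0", "main")]
TABLES = {
    "local": [("192.168.5.1/32", "local", "lo")],
    "bluff": [("192.168.5.0/24", "unicast", "eth1")],
    "main":  [("192.168.5.0/24", "unicast", "eth1"),
              ("0.0.0.0/0", "unicast", "via 10.0.0.1")],
}

def lookup(rules, tables, src, dst):
    """Walk rules by priority; return (table, route type, target) of the first hit."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue  # rule selector does not match this packet
        best = None   # longest-prefix match inside the selected table
        for prefix, rtype, target in tables[table]:
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, rtype, target)
        if best:      # any matching route, blackhole included, ends the walk
            return table, best[1], best[2]
        # no match in this table: fall through to the next rule
    return None, "unreachable", None

def with_blackhole(tables, name="bluff"):
    """Model 'ip route add blackhole default table bluff' on a copy of the tables."""
    patched = {t: list(routes) for t, routes in tables.items()}
    patched[name].append(("0.0.0.0/0", "blackhole", None))
    return patched

if __name__ == "__main__":
    for label, tbl in (("before", TABLES), ("after", with_blackhole(TABLES))):
        for dst in ("198.51.100.7", "192.168.5.20"):
            print(label, dst, lookup(RULES, tbl, "192.168.5.10", dst))
```
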