While waiting for the budget for a cisco router, we've connected a
Solaris 8 machine as our SDSL router. Its working well for our /26
subnet, but we're trying to eliminate routing to RFC1918 networks.
We're using ipfilter to block the addresses, but the question arose
from the cisco knowledgable folks here about the most efficient
routing for "non-routable" addresses. With cisco routers, static
routing can be set up to direct RFC1918 addresses to Null0 or Lo0,
rather than using extra CPU with ACLs.
Is such a thing possible with solaris? Routing to /dev/null doesn't
work, and we can't create additional loopbacks with
# ifconfig plumb lo0:1
ifconfig: lo0:1: bad address
# ifconfig plumb lo1
ifconfig: lo1: bad address
But we can add static routes to lo0 with
route add -net 10.0.0.0 127.0.0.1
Does such a static route save on CPU power, or should we just continue
to let ipfilter deal with some bad clients (gnutella) on the network?