Today I found out you can have your own local black hole. And it can eat away all your network packets, so be careful with that.

To create a black hole, we need to add a new entry to the routing table. On modern Linux distributions, this is done with the iproute2 package:

$ sudo ip route add blackhole 10.0.0.0/24

Now, let me tell you a joke: 3 ICMP packets entered a bar black hole:

$ ping -c 3 10.0.0.1
ping: connect: Invalid argument

ssh also shows some interesting messages:

$ ssh 10.0.0.1
ssh: connect to host 10.0.0.1 port 22: Invalid argument

And if we try any address that is far away from the black hole’s event horizon:

$ ssh 10.0.10.1
ssh: connect to host 10.0.10.1 port 22: Connection timed out

$ ping -c 3 10.0.10.1
PING 10.0.10.1 (10.0.10.1) 56(84) bytes of data.

--- 10.0.10.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2043ms

According to the ip-route(8) manual, black hole routes are unreachable and the requesters get an EINVAL (error, invalid) error. There are other two types of routes that block connection: unreachable and prohibit. But those don’t sound as cool as black hole 😎

Black holes are useful to deny connections to some IP addresses, similar to what firewalls do.