diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 9197b6b12285..e985fa920c7c 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1267,8 +1267,8 @@ packets with source addresses not from this interface.
 .It Cm versrcreach
 For incoming packets,
 a routing table lookup is done on the packet's source address.
-If a route to the source address exists, but not the default route,
-the packet matches.
+If a route to the source address exists, but not the default route
+or a blackhole/reject route, the packet matches.
 Otherwise the packet does not match.
 All outgoing packets match.
 .Pp
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 0b6f754a6e4e..de6abf336754 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -506,6 +506,12 @@ verify_path(struct in_addr src, struct ifnet *ifp)
 return 0;
 }
 
+ /* or if this is a blackhole/reject route */
+ if (ifp == NULL && ro.ro_rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
+ RTFREE(ro.ro_rt);
+ return 0;
+ }
+
 /* found valid route */
 RTFREE(ro.ro_rt);
 return 1;
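Review bot: The added test in verify_path() rejects blackhole/reject routes only when `ifp == NULL`, and the comment does not say why, so a reader cannot tell whether the non-NULL case is meant to accept a source that is null-routed. If that case relies on an interface comparison earlier in the function (outside this hunk), the comment should say so, for example `/* versrcreach case (ifp == NULL): a reject/blackhole route does not make the source reachable */`. The condition also mixes `&&` and `&` without grouping; it evaluates as intended, but `if (ifp == NULL && (ro.ro_rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) != 0) {` makes the intent explicit. verify_path() starts and ends outside the hunk, so the null check on `ro.ro_rt` and the interface match are not visible here.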