Date: Mon, 20 Apr 2009 07:50:27 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org Cc: Andre Oppermann <andre@freebsd.org>, Kip Macy <kmacy@freebsd.org>, svn-src-all@freebsd.org, Marko Zec <zec@freebsd.org>, Robert Watson <rwatson@freebsd.org>, svn-src-head@freebsd.org Subject: Re: svn commit: r191259 - head/sys/netinet Message-ID: <20090420073548.M15361@maildrop.int.zabbadoz.net> In-Reply-To: <200904200929.57914.zec@freebsd.org> References: <200904190444.n3J4i5wF098362@svn.freebsd.org> <200904200844.12344.zec@freebsd.org> <3c1674c90904200001s1d03c7d8udcd2dd4cf99984fd@mail.gmail.com> <200904200929.57914.zec@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[snip]
People, you are missing a few points here:
- if you want to run a DFZ router or do not like flowtables, turn
them off. There is a kernel option for that.
- if you use it and it doesn't perform but you have a valid setup,
tune it.
- if you are under a (D)DoS your least problem most likely is a small
performance drop from the extra flowtable lookup, but you'll be
happy enough if other things do not keel over.
- For an average FreeBSD thingy that does forwarding, say a pfsense
box, maybe a router in front of a few subnets with a some web/mail/dns/..
servers, maybe a box forwarding packets for some SMB, ..
this, may indeed help.
--
Bjoern A. Zeeb The greatest risk is not taking one.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090420073548.M15361>