Date: Thu, 16 Jan 2003 16:52:50 -0700
From: Nate Williams <nate@yogotech.com>
To: "."@babolo.ru
Cc: Terry Lambert <tlambert2@mindspring.com>, Nate Williams <nate@yogotech.com>, Josh Brooks <user@mail.econolodgetulsa.com>, Sean Chittenden <sean@chittenden.org>, freebsd-hackers@FreeBSD.ORG
Subject: Re: FreeBSD firewall for high profile hosts - waste of time ?
Message-ID: <15911.17874.521794.845687@emerger.yogotech.com>
In-Reply-To: <200301162351.h0GNpnPC002685@aaz.links.ru>
References: <3E274081.F2D2F873@mindspring.com> <200301162351.h0GNpnPC002685@aaz.links.ru>

> > In any case, he's got something else strange going on, because
> > his load under attack, according to his numbers, never gets above
> > the load you'd expect on 10Mbit old-style ethernet, so he's got
> > something screwed up; probably, he has a loop in his rules, and
> > a packet gets trapped and reprocessed over and over again (a
> > friend of mine had this problem back in early December).
>
> If I remember correctly he has less than 10Mbit
> uplink and a lot of count rules for client accounting.

Ahh, I remember now. Good point.

> It is reason I recommend him to use userland accounting.

Or another (separate) box inline with the original firewall for accounting.

> And as far as I understand a lot of count rules is
> the reason for trouble.

If this is the case, then I agree. A firewall that is under attack should only be used as a firewall, not an accounting tool.

Nate