From: Stefan Lambrev
Date: Sat, 26 Jan 2008 22:52:39 +0200
To: Dag-Erling Smørgrav
Cc: freebsd-current@freebsd.org
Subject: Re: FreeBSD 7, bridge, PF and syn flood = very bad performance
Message-ID: <479B9D97.9080407@moneybookers.com>
References: <479A2389.2000802@moneybookers.com> <86bq78nx9l.fsf@ds4.des.no>
In-Reply-To: <86bq78nx9l.fsf@ds4.des.no>

Dag-Erling Smørgrav wrote:
> Stefan Lambrev writes:
>
>> Does anyone try to see PF with "keep state" in action when under syn
>> flood attack?
>>
>
> Try "synproxy state" instead of "keep state".
>
> DES
>

From man pf.conf - Rules with synproxy will not work if pf(4) operates on a bridge(4).

My short experience from today shows that synproxy can't handle syn flood with random source IP - 150kpps, but I'll test this after a few days.