svn commit: r191259 - head/sys/netinet
Bjoern A. Zeeb
bz at FreeBSD.org
Mon Apr 20 07:55:08 UTC 2009
[snip]
People, you are missing a few points here:
- if you want to run a DFZ router or do not like flowtables, turn
them off. There is a kernel option for that.
- if you use it and it doesn't perform but you have a valid setup,
tune it.
- if you are under a (D)DoS your least problem most likely is a small
performance drop from the extra flowtable lookup, but you'll be
happy enough if other things do not keel over.
- For an average FreeBSD thingy that does forwarding, say a pfsense
box, maybe a router in front of a few subnets with a some web/mail/dns/..
servers, maybe a box forwarding packets for some SMB, ..
this, may indeed help.
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the svn-src-all
mailing list