FreeBSD 7, bridge, PF and syn flood = very bad performance
Dag-Erling Smørgrav
des at des.no
Sat Jan 26 12:56:34 PST 2008
Stefan Lambrev <stefan.lambrev at moneybookers.com> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Try "synproxy state" instead of "keep state".
> From man pf.conf - Rules with synproxy will not work if pf(4) operates
> on a bridge(4).
Hmm, why are you experiencing a SYN flood on a bridge? I assume the
bridge is inside your network, and the attack comes from outside your
network, in which case you should stop it at the entry point.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-current
mailing list