Losing connections/performance with PF turned on
Greg Hennessy
Greg.Hennessy at nviz.net
Thu Jul 5 10:16:46 UTC 2007
>
> We're doing some stress testing on our server,
CPU? Memory?
> and noticed that when
> we turn PF on, we lose connections and have a drastic reduction in
> performance.
>
> We used SIEGE for 120 seconds, 50 connections, on req/conn
>
[snip]
> # --- DEFAULT POLICY
> block log all
>
What drops are you seeing in the firewall logs for the missing connections?
Are you monitoring the number of entries in the state table with pfctl -si?
The default is, IIRC, 10k; a benchmarking tool can easily chew through this.

Greg
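
Added example, not part of the original message: one way to run the check suggested above, comparing the `current entries` figure from `pfctl -si` with the `states` hard limit from `pfctl -sm` while the benchmark is running. The function names, the 90% threshold and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `pfctl -si` output (values invented for illustration).
sample_info() { cat <<'EOF'
Status: Enabled for 0 days 00:02:00           Debug: Urgent

State Table                          Total             Rate
  current entries                     9950
  searches                          812345         6769.5/s
  inserts                            61200          510.0/s
  removals                           51250          427.1/s
Counters
  match                              75310          627.6/s
  memory                              1840           15.3/s
EOF
}
# Constructed sample of `pfctl -sm` output (default 10k state limit).
sample_limits() { cat <<'EOF'
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
EOF
}
# Parsers read pfctl text on stdin and print one number.
pf_current_states() { awk '/current entries/ { print $3; exit }'; }
pf_state_limit() { awk '$1 == "states" && $2 == "hard" { print $4; exit }'; }
# "memory" counter: packets pf dropped because an allocation failed.
pf_memory_drops() { awk '$1 == "memory" { print $2; exit }'; }

# pf_state_report INFO_TEXT LIMITS_TEXT [THRESHOLD_PCT]
# Returns 0 below the threshold, 1 at or above it, 3 if parsing failed.
pf_state_report() {
    cur=$(printf '%s\n' "$1" | pf_current_states)
    max=$(printf '%s\n' "$2" | pf_state_limit)
    mem=$(printf '%s\n' "$1" | pf_memory_drops)
    thr=${3:-90}
    if [ -z "$cur" ] || [ -z "$max" ] || [ "$max" -eq 0 ]; then
        echo "UNKNOWN could not parse pfctl output"; return 3
    fi
    pct=$((cur * 100 / max))
    if [ "$pct" -ge "$thr" ]; then
        echo "WARN states=$cur/$max (${pct}%) memory_drops=${mem:-0}"; return 1
    fi
    echo "OK states=$cur/$max (${pct}%) memory_drops=${mem:-0}"
}

# Demo on the constructed samples; on a live pf host (as root) use:
#   pf_state_report "$(pfctl -si)" "$(pfctl -sm)"
pf_state_report "$(sample_info)" "$(sample_limits)" 90 || true
```

A state count pinned near the limit together with a rising `memory` counter during the test run points at state table exhaustion rather than a ruleset block.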