On Thu, 16 Jan 2003, Josh Brooks wrote:

<stuff about inserting a machine snipped>

> You know, I keep hearing this ... the machine is a 500 MHz P3 Celeron with
> 256 megs RAM ... and normally `top` says it is at about 80% idle, and
> everything is wonderful - but when someone shoves 12,000-15,000 packets
> per second down its throat, it chokes _hard_. You think that optimizing
> my ruleset will change that? Or does 15K p/s choke any FreeBSD+ipfw
> firewall with 1-200 rules running on it?
You and I read the snipped statement differently -- I _thought_ he was saying that you should have two chained firewalls:

    isp - fw1 - fw2 - <internal net>

Have fw1 only do 'deny' things on attacks (with a default allow) and have fw2 do only 'allow' for valid traffic with a 'default deny' for everything else.

The class of machine you are talking about can be purchased used for under $100 right now, so it wouldn't be that much of an investment money-wise... In fact, fw1 could be a transparent bridge that just dropped DoS stuff... Perhaps I'm wrong in my reading, but this might work anyway...

Also note that much beefier iron can be purchased for under $500 if you are willing to do a bit of digging and assembly.

You might also look at the network cards you have and replace them with different ones. Some driver/card combos are much more efficient than others. I don't know what you have, and I don't know which ones you should consider getting. I use Intel (fxp) cards a lot and like them. Can anyone else recommend a NIC that is efficient, at least when used by FreeBSD's drivers?

Fred

--
Fred Clift - [EMAIL PROTECTED] -- Remember: If brute force doesn't work, you're just not using enough.
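To make the two-box layout concrete, here is an added example of the two rulesets as an ipfw(8) loader script. It is not from the thread and not FreeBSD's own rc.firewall; it uses only the ipfw syntax of the FreeBSD 4.x era (setup/keep-state/check-state, frag, via). Everything specific is assumed: fw1 faces the ISP on fxp0 and fw2 on fxp1, fw2 faces fw1 on fxp0 and a 192.0.2.0/24 LAN on fxp1, and the LAN runs one web server at 192.0.2.10. Setting FWCMD to `echo ipfw` prints the rules instead of loading them, which is how the script can be checked on a box without ipfw.

```shell
#!/bin/sh
# Two-tier ipfw rulesets for an isp - fw1 - fw2 - <internal net> chain.
# Assumed placeholders (not from the thread): interface names, the LAN
# prefix and the web server address. Override them from the environment.
FWCMD="${FWCMD:-ipfw -q}"          # set FWCMD="echo ipfw" for a dry run
OUTSIDE_IF="${OUTSIDE_IF:-fxp0}"  # side that faces the ISP (or fw1)
LAN="${LAN:-192.0.2.0/24}"        # assumed internal prefix
WEB="${WEB:-192.0.2.10}"          # assumed public-facing server

# fw1: default allow. Only cheap deny rules, nothing stateful, so the
# per-packet cost stays low under a flood. ipfw walks rules in number
# order until one matches, so the rules that drop the most junk go first.
fw1_rules() {
    $FWCMD -f flush
    # Drop non-first IP fragments outright.
    $FWCMD add 100 deny ip from any to any frag
    # Drop packets from the ISP side that claim an internal source.
    $FWCMD add 200 deny ip from $LAN to any in via $OUTSIDE_IF
    # Drop RFC 1918 sources arriving from the ISP side.
    $FWCMD add 300 deny ip from 10.0.0.0/8 to any in via $OUTSIDE_IF
    $FWCMD add 310 deny ip from 172.16.0.0/12 to any in via $OUTSIDE_IF
    $FWCMD add 320 deny ip from 192.168.0.0/16 to any in via $OUTSIDE_IF
    # Default allow: deciding what is valid is fw2's job.
    $FWCMD add 65000 allow ip from any to any
}

# fw2: default deny. Only allow rules for traffic you actually serve;
# check-state first so packets of known flows skip the rest of the list.
fw2_rules() {
    $FWCMD -f flush
    $FWCMD add 100 check-state
    $FWCMD add 200 allow ip from any to any via lo0
    # Inbound web traffic; 'setup' matches only the SYN, keep-state records it.
    $FWCMD add 300 allow tcp from any to $WEB 80 in via $OUTSIDE_IF setup keep-state
    # Outbound connections and DNS lookups from the LAN.
    $FWCMD add 400 allow tcp from $LAN to any out via $OUTSIDE_IF setup keep-state
    $FWCMD add 410 allow udp from $LAN to any 53 out via $OUTSIDE_IF keep-state
    # Everything else is dropped and logged.
    $FWCMD add 65000 deny log ip from any to any
}

# Count the rules a ruleset emits, for a quick sanity check of a dry run.
rule_count() {
    FWCMD="echo ipfw" "$1" | grep -c ' add '
}

if [ $# -gt 0 ]; then
    case "$1" in
        fw1) fw1_rules ;;
        fw2) fw2_rules ;;
        *) echo "usage: $0 fw1|fw2" >&2; exit 2 ;;
    esac
fi
```

Run it as `./fw.sh fw1` on the outer box and `./fw.sh fw2` on the inner one. The bridge setup for fw1 (a bridge(4) configuration rather than a routed pair of interfaces) is a separate step and is not shown here. Note the asymmetry that matters for the packets-per-second question: on fw1 every legitimate packet walks the whole short deny list before reaching rule 65000, so that list should stay short; on fw2 a packet belonging to an established flow stops at rule 100.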