> On Thu, 16 Jan 2003, Josh Brooks wrote:
>
> > <stuff about inserting a machine snipped>
> >
> > You know, I keep hearing this ... the machine is a 500 MHz P3 Celeron with
> > 256 megs RAM ... and normally `top` says it is at about 80% idle, and
> > everything is wonderful - but when someone shoves 12,000-15,000 packets
> > per second down its throat, it chokes _hard_. You think that optimizing
> > my ruleset will change that? Or does 15K p/s choke any FreeBSD+ipfw
> > firewall with 1-200 rules running on it?
>
> You and I read the snipped statement differently -- I _thought_ he was
> saying that you should have two chained firewalls
>
> isp-fw1-fw2-<internal net>

The load in this case is really low, so one box with a more powerful CPU is better than two boxes with anaemic CPUs.

> Have fw1 only do 'deny' things on attacks (with a default allow) and have
> fw2 do only 'allow' for valid traffic with a 'default deny' for everything
> else. The class of machine you are talking about can be purchased used
> for under $100 right now so it wouldn't be that much of an investment
> money-wise... In fact, fw1 could be a transparent bridge that just
> dropped DoS stuff...
>
> Perhaps I'm wrong in my reading, but this might work anyway... Also note
> that much beefier iron can be purchased for under $500 if you are willing
> to do a bit of digging and assembly. You might also look at the network
> cards you have and replace them with different ones. Some driver/card
> combos are much more efficient than others. I don't know what you have,
> and I don't know which ones you should consider getting. I use Intel (fxp)
> cards a lot and like them.

--
@BABOLO http://links.ru/
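The two-box layout the quoted message proposes, written out as ipfw rule scripts: fw1 with a default allow that only drops traffic that is wrong on its face, fw2 with a default deny that only admits the services actually offered. This is an added illustration, not code from the thread; the interface name fxp0, the 192.0.2.0/24 inside network and the 192.0.2.10 web server are placeholders, and setting IPFW=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Outer box fw1: default allow, drops only traffic that is wrong on its face.
# Inner box fw2: default deny, admits only the services actually offered.
# IPFW=echo prints the rules instead of loading them (handy for review).
IPFW=${IPFW:-/sbin/ipfw}
EXT=${EXT:-fxp0}              # interface towards the ISP (assumed name)
INNER=${INNER:-192.0.2.0/24}  # protected network (placeholder block)
WEB=${WEB:-192.0.2.10}        # web server behind fw2 (placeholder)

fw1_ruleset() {
    $IPFW -f flush
    # packets arriving from the ISP that claim an inside or private source
    $IPFW add 100 deny ip from $INNER to any in via $EXT
    $IPFW add 110 deny ip from 10.0.0.0/8 to any in via $EXT
    $IPFW add 120 deny ip from 172.16.0.0/12 to any in via $EXT
    $IPFW add 130 deny ip from 192.168.0.0/16 to any in via $EXT
    $IPFW add 140 deny ip from 127.0.0.0/8 to any in via $EXT
    # ICMP redirects from the outside are never legitimate here
    $IPFW add 200 deny icmp from any to any icmptypes 5 in via $EXT
    # everything else passes; fw2 makes the real decision
    $IPFW add 65000 allow ip from any to any
}

fw2_ruleset() {
    $IPFW -f flush
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 110 deny ip from any to 127.0.0.0/8
    # replies to connections already recorded by keep-state below
    $IPFW add 200 check-state
    # inbound: only the published services, stateful so replies get out
    $IPFW add 300 allow tcp from any to $WEB 80 in via $EXT setup keep-state
    $IPFW add 310 allow tcp from any to $WEB 443 in via $EXT setup keep-state
    # outbound from the inside network
    $IPFW add 400 allow tcp from $INNER to any out via $EXT setup keep-state
    $IPFW add 410 allow udp from $INNER to any 53 out via $EXT keep-state
    $IPFW add 420 allow icmp from $INNER to any out via $EXT icmptypes 8 keep-state
    # default deny, logged, so you can see what fw1 let through
    $IPFW add 65000 deny log ip from any to any
}

case "${1:-}" in
    fw1) fw1_ruleset ;;
    fw2) fw2_ruleset ;;
    *)   echo "usage: $0 fw1|fw2" >&2 ;;
esac
```

Run it as `sh chain.sh fw1` on the outer box and `sh chain.sh fw2` on the inner one; the logged default deny on fw2 is where the packets-per-second problem from the original question becomes visible.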