On Mon, Feb 24, 2003 at 04:57:17PM -0300, Alexandre Vasconcelos wrote:
>
> How do I know when it's time to do some adjusts for performance on
> ipfilter? what are the most common parameters to adjust? I run FreeBSD,
How are you measuring performance? It depends on what you value.
As far as basic functionality, as long as you arn't loosing
connections because state/NAT tables are full, your probably OK. If
you are loosing connections, then you need to increase the table
sizes.
You may want to increase the log buffer size if you log
a lot and care about minimizing lost log entries.
You probably want to modify default timeouts, but that is a very
subjective thing.
> my o.s. must receive some adjustment too?
If you dont increase the kernel malloc area it is
possible to get "out of memory" failures even though there is lots
of unused memory.
Also you want to use kernel polling and a network device
that has support for it like Intel(fx0). But if you arn't moving a
lot of data through the network it probably doesn't matter much.
-steve
