can people please stop suggesting to push random buttons they don't understand? this is a prime example.

* Hassan Monfared <[email protected]> [2012-02-22 00:22]:
> Hi,
> have you tried to set some tuning options in pf.conf & sysctl.conf ?
> eg:
> for sysctl.conf:
> net.inet.ip.ifq.maxlen=512 # Maximum allowed input queue length
> (256*number of physical interfaces)

that rule of thumb is at least inaccurate. i'm pretty certain i explained the details before and am getting tired of repeating myself over and over.

> kern.bufcachepercent=90 # Allow the kernel to use up to 90% of the
> RAM for cache (default 10%)

that is entirely useless on a firewall.

> net.inet.udp.recvspace=131072 # Increase based on your memory
> net.inet.udp.sendspace=131072 # Increase based on your memory

that is
a) obsoleted by the autosizing
b) entirely useless for not locally terminated connections anyway

I gave the OP some input in private mail which I don't think belongs in public. There is no one-size-fits-all recipe for dealing with DDoS. And I certainly don't want to teach people how to make better DDoS attacks.

--
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

