* Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 18:06]: > On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 13:24]: > > > Once I have a few moments free I'll check the impact of pf with urpf and > > > basic stateless filters > > > filters enabled. Time to go look for a light sabre for my son. > > > > stateless filters? why oh why? they're SLOWER than stateful. far. > > > Stateful filters on an internet router does not seem like a very good > idea to me. Traffic may exit and enter on different devices, it is another > limited resource, and it adds another layer of complexity.
well, we need a knob for lose state tracking to alow these assymetric routing scenarios, it is on my agenda. otherwise, either no filter at all or stteful. stateless is poop. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
