On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 18:06]: > > On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > > > > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 13:24]: > > > > Once I have a few moments free I'll check the impact of pf with urpf > and > > > > basic stateless filters > > > > filters enabled. Time to go look for a light sabre for my son. > > > > > > stateless filters? why oh why? they're SLOWER than stateful. far. > > > > > > Stateful filters on an internet router does not seem like a very good > > idea to me. Traffic may exit and enter on different devices, it is > another > > limited resource, and it adds another layer of complexity. > > well, we need a knob for lose state tracking to alow these assymetric > routing scenarios, it is on my agenda. > otherwise, either no filter at all or stteful. stateless is poop.
What will happen when the limit of maximum concurrent states is reached ? Will it stop forwarding new flows ? /Tony
