On 2007/10/16 15:12, Russell Fulton wrote: > I have a couple of questions: > > * Is there any tuning that we can do to improve performance of pf
Here's an article about PF optimization; http://www.undeadly.org/cgi?action=article&sid=20060927091645 and one about the improvements in OpenBSD 4.2; http://www.openbsd.org/papers/cuug2007/mgp00001.html > * how can we best monitor performance for things like dropped > packets etc. > > I know about pfctl -s.... but this does not give any indication whether > or not packets are being dropped (unless I've missed it which is always > possible). If you have 'congestion' in pfctl -si, increase the net.inet.ip.ifq.maxlen sysctl (in 4.2 the default is now 256, you may need to go a bit higher if the congestion counter still increases).
