Re: Use of 'Puffy' Logo *and* weatherproof stickers?

2008-04-10 Thread Darren Spiteri
On Wed, Apr 9, 2008 at 11:46 PM, Kevin Wilcox [EMAIL PROTECTED] wrote: Hannah Schroeter wrote: By weatherproof, I plan to stick it on my motorcycle luggage where it will be exposed to sun, rain, snow, ice and 120km/h+ winds. I wouldn't mind one for my bicycle. I was thinking of using the

Re: pf tag/tagging and packages from localhost

2008-02-25 Thread Darren Spiteri
On 2/25/08, Paul de Weerd [EMAIL PROTECTED] wrote: On Mon, Feb 25, 2008 at 03:25:24PM +1100, Darren Spiteri wrote: | That's an interesting and subtle use of PF tags, pity it's not in the PF doco. PF is not limited by what's in the documentation. It's just a tool and it's limited by your

Re: Blackhole / reject routes

2008-02-25 Thread Darren Spiteri
block quick from bad block quick to bad On 2/25/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Currently I'm blackholing and rejecting some traffic with route add -reject/-blackhole address 127.0.0.1; this works fine, but bounces all the rejected/blackholed traffic to the loopback interface.

Re: pf tag/tagging and packages from localhost

2008-02-24 Thread Darren Spiteri
Tags are for assigning trust between interfaces, for instance to prevent traffic from WWW DMZ from leaking into the trusted LAN. As the FW traffic is explicitly from the FW out a specified interface, as shown by your rule, then it doesn't need to have trust assigned to it as only one interface is

Re: pf tag/tagging and packages from localhost

2008-02-24 Thread Darren Spiteri
On 2/25/08, Henning Brauer [EMAIL PROTECTED] wrote: * Darren Spiteri [EMAIL PROTECTED] [2008-02-24 15:11]: Tags are for assigning trust between interfaces, for instance to prevent traffic from WWW DMZ from leaking into the trusted LAN. that is ONE use of them, but certainly not the only

Re: pf tag/tagging and packages from localhost

2008-02-24 Thread Darren Spiteri
That's an interesting and subtle use of PF tags, pity it's not in the PF doco. On 2/25/08, Claer [EMAIL PROTECTED] wrote: For example, I use tags for QoS inside IPSEC. It's documented in ipsec.conf(5)

Re: harddisk impact on routing firewall performance/throughput

2008-02-12 Thread Darren Spiteri
On Feb 13, 2008 11:08 AM, Ted Unangst [EMAIL PROTECTED] wrote: On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote: This is irrelevant on a firewall/router. Sorry, you are wrong. I can achieve much higher throughput per connected state by tweaking recvspace and sendspace. then your

Re: harddisk impact on routing firewall performance/throughput

2008-02-12 Thread Darren Spiteri
On Feb 13, 2008 1:40 AM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2008/02/13 01:04, Darren Spiteri wrote: Try tweaking this sysctl: net.inet.tcp.recvspace Give it sysctl -w net.inet.tcp.recvspace=262144 and run your tests. Tweak it down from there. This is irrelevant on a firewall

Re: harddisk impact on routing firewall performance/throughput

2008-02-12 Thread Darren Spiteri
On Feb 13, 2008 1:36 PM, David Higgs [EMAIL PROTECTED] wrote: What's your definition of network performance? What's your delineation between a firewall and a router? I believe Ted's point is that receiving and sending packets (i.e. using it as an endpoint) is the job of a server, not a

Re: harddisk impact on routing firewall performance/throughput

2008-02-12 Thread Darren Spiteri
On Feb 13, 2008 2:12 PM, bofh [EMAIL PROTECTED] wrote: On Feb 12, 2008 9:47 PM, Darren Spiteri [EMAIL PROTECTED] wrote: Firewalls that have proxy software operate as both client and server. This is now going into the silly place. David Higgs told you what is the definition of network

Re: harddisk impact on routing firewall performance/throughput

2008-02-12 Thread Darren Spiteri
On Feb 13, 2008 2:28 PM, David Higgs [EMAIL PROTECTED] wrote: Unless I'm massively wrong about what net.inet.tcp.* is used for, this indicates that the parent was NOT testing throughput as one would typically define it for a router/firewall. He was testing his box's ability to send and

Re: harddisk impact on routing firewall performance/throughput

2008-02-12 Thread Darren Spiteri
[EMAIL PROTECTED] wrote: On 2/12/08, Darren Spiteri [EMAIL PROTECTED] wrote: I don't know why or how this poorly documented sysctl works, but the result speaks for itself. Note the dramatic throughput increase of the parent. running netperf on a firewall is a poor test of forwarding

Re: sd0: not queued error 5

2008-02-11 Thread Darren Spiteri
My 1750s sit on the IPMI probe as well, but I don't think it's abnormal. I've also experienced the "sd0: not queued" hang and it's a serious problem as CARP doesn't failover. The only workaround I've found is to check userspace from another box and force failover. On Feb 12, 2008 7:04 AM, Beavis

de(4) NIC change in 3.9 release

2006-05-03 Thread Darren Spiteri
I updated my i386 3.8 system to 3.9 and noticed that my ALTQ rules wouldn't load on de0 de(4), giving error: pfctl: de0: driver does not support altq ALTQ worked before and I can't see any explicit notice of whether this was changed on purpose. Has anyone else come across this?

de NIC change - ALTQ broken

2006-05-03 Thread Darren Spiteri
I updated my i386 3.8 system to 3.9 and noticed that my ALTQ rules wouldn't load on de0 de(4), giving error: pfctl: de0: driver does not support altq ALTQ worked before and I can't see any explicit notice of this being disabled on purpose. Has anyone else come across this?