pf performance across platforms

2005-02-21 Thread Mattias R. Lindgren
With pf being ported across platforms (Net, Free) etc, what kind of performance should we expect to find on the other platforms compared to OpenBSD? I seem to remember the Net and Free releases being slightly behind Open in terms of features, is this still the case? Thanks, Mattias Lindgren

[Fwd: [unisog] High speed firewalls - Connections per second not bits per second]

2005-02-21 Thread Russell Fulton
Hmmm... what is the 'pf' response to this problem? I seem to remember that 3.6 has per IP limits that can be set that perhaps could mitigate this sort of problem. Keep the pf-specific stuff on this list; I'll forward a summary to unisog. Russell. Forwarded Message From:

Re: pf performance across platforms

2005-02-21 Thread Jon Simola
On Mon, 21 Feb 2005 12:29:03 -0700, Mattias R. Lindgren [EMAIL PROTECTED] wrote: With pf being ported across platforms (Net, Free) etc, what kind of performance should we expect to find on the other platforms compared to OpenBSD? I seem to remember the Net and Free releases being slightly

Re: [Fwd: [unisog] High speed firewalls - Connections per second not bits per second]

2005-02-21 Thread Jon Simola
On Tue, 22 Feb 2005 09:02:56 +1300, Russell Fulton [EMAIL PROTECTED] wrote: Hmmm... what is the 'pf' response to this problem? I seem to remember that 3.6 has per IP limits that can be set that perhaps could mitigate this sort of problem. I use on my network: set timeout { adaptive.start

Re: [Fwd: [unisog] High speed firewalls - Connections per second not bits per second]

2005-02-21 Thread Daniel Hartmeier
On Tue, Feb 22, 2005 at 09:02:56AM +1300, Russell Fulton wrote: Hmmm... what is the 'pf' response to this problem? I seem to remember that 3.6 has per IP limits that can be set that perhaps could mitigate this sort of problem. If I understand Jim correctly, he doesn't actually want those

Re: [Fwd: [unisog] High speed firewalls - Connections per second not bits per second]

2005-02-21 Thread Jon Simola
On Mon, 21 Feb 2005 21:46:45 +0100, Daniel Hartmeier [EMAIL PROTECTED] wrote: pass in on $lan_if proto tcp from $lan_if:network \ keep state (max-src-conn-rate 50/30, overload <infected>) The table <infected> is initially empty. Whenever a box on the LAN tries to establish more than

Re: transparent squid and load balancing outgoing traffic still not working

2005-02-21 Thread Emilio Lucena
Strange, but see what the log shows after I made the changes in the NAT rules. This log is about an SSH session I tried to establish with an Internet host. Feb 21 17:18:34.821165 rule 25/0(match): pass in on rl1: 192.168.1.21.1441 217.22.55.50.22: S 1042976355:1042976355(0) win 16384 mss

Re: pftop says DIOCGETSTATUS

2005-02-21 Thread Daniel Hartmeier
On Mon, Feb 21, 2005 at 03:27:01PM +0100, Mark Prins wrote: There's probably a simple explanation for this... But when I run pftop it only displays pftop: DIOCGETSTATUS This means that the kernel you're running and the pftop binary were built from different pfvar.h headers. If you're running

Re: Kernel page fault on -current using carp and pfsync

2005-02-21 Thread Daniel Hartmeier
On Fri, Feb 18, 2005 at 09:55:55AM -0800, Proconnex wrote: In the last few days we've experienced crashes of our openbsd boxes, sometimes 2 or 3 crashes daily. Trace output follows: memset(d0581fc0,42,d5f3b56c,d5f3b544,afe,1242,0,a01,14,0,0,0,1,0,0,4215a558) at memset+0x3a