On Tue, Jan 08, 2008 at 12:03:00PM -0600, Vernon A. Fort wrote:
> From a discussion with a really good network resource I have, most of
> the modern day routers/switches do NOT block the packets, they just
> throttle in order to keep the network functional. My initial thought
> was I missed something in the underlying kernel configuration but I am
> leaning towards a QoS setup so as to achieve the throttling aspect OR
> would this be a combination of both?

Worrying about the specific possibility of bogus traffic from a broken device is futile if you don't also worry about the possibility of bogus traffic from broken software, which is more likely to look like a udp flood. If you're going to deal with one, you pretty much need to deal with them all, and that means QoS. A simple SFQ would probably suffice.
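An added example, not part of the original message: a toy Python model of why a stochastic fair queue keeps ordinary flows working during a UDP-style flood where a single FIFO queue does not. The traffic rates, queue limit, hash and function names are constructed for illustration; this is a simplified model, not the kernel's SFQ code.

```python
import random
from collections import Counter, deque
# Constructed scenario: flow 0 floods at 50 pkts/tick, flows 1-3 send 1 pkt/tick.
OFFERED = {0: 50, 1: 1, 2: 1, 3: 1}
LINK_RATE = 5       # packets the link transmits per tick
QUEUE_LIMIT = 100   # total packets the queue may hold
BUCKETS = 1024      # number of hash buckets in this model

def arrivals(rng):
    pkts = [flow for flow, n in OFFERED.items() for _ in range(n)]
    rng.shuffle(pkts)                                  # random arrival order
    return pkts

def run_fifo(ticks=1000, seed=1):
    """Single tail-drop queue: whoever sends most owns the buffer."""
    rng, queue, sent = random.Random(seed), deque(), Counter()
    for _ in range(ticks):
        for flow in arrivals(rng):
            if len(queue) < QUEUE_LIMIT:
                queue.append(flow)
        for _ in range(min(LINK_RATE, len(queue))):
            sent[queue.popleft()] += 1
    return sent

def run_sfq(ticks=1000, seed=1, salt=0):
    """Hash flows to buckets, serve buckets round-robin, drop from the longest."""
    rng, sent = random.Random(seed), Counter()
    queues, active, total = {}, deque(), 0
    for _ in range(ticks):
        for flow in arrivals(rng):
            b = (flow * 2654435761 + salt) % BUCKETS   # toy hash, not the kernel's
            if b not in queues:
                queues[b] = deque()
                active.append(b)
            queues[b].append(flow)
            total += 1
            if total > QUEUE_LIMIT:                    # over limit: penalise the hog
                max(queues.values(), key=len).pop()
                total -= 1
        for _ in range(LINK_RATE):
            while active and not queues[active[0]]:    # retire emptied buckets
                del queues[active.popleft()]
            if not active:
                break
            b = active.popleft()
            sent[queues[b].popleft()] += 1
            total -= 1
            active.append(b)
    return sent
```

Both functions return per-flow delivered packet counts; comparing `run_fifo()` with `run_sfq()` shows the flood being throttled to the leftover link capacity rather than blocked.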
