On Wed, Oct 2, 2019 at 8:58 PM Lennart Sorensen <lsore...@csclub.uwaterloo.ca> wrote: > > Maybe the TEE operation is just that expensive. After all without it, > the kernel can often do zero copy forwarding of packets from one interface > to another. The TEE might be forcing it to copy every single packet > before sending it out two interfaces with different destination addresses.
The shorewall machine that's actually sending out a copy with TEE is NOT experiencing any slowdown at all. It's the receiving IDS host that's coming to a crawl. I'll keep testing. Thanks again for your feedback. Regards, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
