Date: Sat, 26 Jan 2008 21:56:24 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Stefan Lambrev <stefan.lambrev@moneybookers.com> Cc: freebsd-current@freebsd.org Subject: Re: FreeBSD 7, bridge, PF and syn flood = very bad performance Message-ID: <86tzl0mhl3.fsf@ds4.des.no> In-Reply-To: <479B9D97.9080407@moneybookers.com> (Stefan Lambrev's message of "Sat\, 26 Jan 2008 22\:52\:39 %2B0200") References: <479A2389.2000802@moneybookers.com> <86bq78nx9l.fsf@ds4.des.no> <479B9D97.9080407@moneybookers.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Stefan Lambrev <stefan.lambrev@moneybookers.com> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > Try "synproxy state" instead of "keep state". > From man pf.conf - Rules with synproxy will not work if pf(4) operates > on a bridge(4). Hmm, why are you experiencing a SYN flood on a bridge? I assume the bridge is inside your network, and the attack comes from outside your network, in which case you should stop it at the entry point. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86tzl0mhl3.fsf>