On Fri, Mar 7, 2008 at 4:40 PM, Lorenz Helleis <[EMAIL PROTECTED]> wrote:
> This is an internal firewall... I think the entry in the table session is
> disappearing, so the client needs to make another connection. I'm thinking
> about creating a stateless rule.

I suspect this will only decrease your packet rates. From what I understand, state table lookups are MUCH cheaper than rule table lookups.

Also, the congestion count increases (from memory) when the NIC can't send packets. You might look at increasing the net.inet.ip.intr_queue_maxlen sysctl if net.inet.ip.intr_queue_drops is showing a non-zero value (which it likely is if you are pushing 400kpps w/out increasing the queue).

BTW, what version of FreeBSD? I didn't see it already mentioned in the thread.

--Bill

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf