W dniu 2015-08-27 o 15:32, Kolontai Andrej pisze:
The patch provided at https://reviews.freebsd.org/D3503 should help your case.
During a full ruleset reload, taking into account so many rules, you will
impact normal packet processing.
Hence you have the feeling of the box being frozen or not forwarding traffic.
That patch reduces the overhead of reloading a ruleset.
Though even more lock breakdown is necessary on pf(4) but that is another topic.
Sounds great. I'll try that.
Andrej
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Hello,
Dear Andrej
Please let us know, did the provided patch work for you?
I'm experiencing similar problems with 10.2 (r287460M), but my ruleset
is just 45 lines (`pfctl -sr | wc -l`).
Btw. I'm not using CARP/pfsync, just pf and pflog.
Thanks!
Best regards
Krzysiek Barcikowski
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
