Il 02/07/2012 15:51, Giles Coochey ha scritto:
On 02/07/2012 14:37, Tonix (Antonio Nati) wrote:
I would be not so sure about that.
When I gave an inside look at PF, some years ago, I had the
perception filters are evaluated all together in the same place,
despite they are ingoing or outgoing. You can even mix incomin and
outgoing interfaces in the filter flow you design.
As far as I remember PF does let you specify INPUT or OUTPUT
interface, but not INPUT and OUTPUT.
That would be some feat indeed... the output interface isn't known
until the packet has been routed.:-)
It would be nice to know how pfsense acts now on that.
Anyway, I don't feel DoA can be a problem, since connection could be
saturated much before than CPU on the most connections.
Regards,
Tonino
--
Regards,
Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
[email protected]
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it [email protected]
------------------------------------------------------------
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
