Hello,

After I upgraded to 22.03.5 (from 21.03.x), I noticed that the performance was seriously degraded. The reason was that fw4/nftables was not handling a large number of rejections the same way as fw3/iptables. If I disable the log, the router is back to normal. I don't know if fw3 was implicitly limiting the amount of logs (it now generates almost double the number of lines) or the logs are just more expensive, but it introduces a way to DoS a router with logs enabled (much worse than with fw3/iptables).

Is there a workaround for that other than disabling logs? log_limit does not seem to be supported by fw4:

https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/usr/share/ucode/fw4.uc;h=06ef932c8a501bbc057669629d3b8ebeabde4aa7;hb=HEAD#l1997

Although the wiki firewall doc still mentions log_limit. Would it be too complex to implement a log limit for fw4?

Regards,

---
Luiz Angelo Daros de Luca
luizl...@gmail.com

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
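
For reference, rate-limited reject logging expressed directly in nftables syntax. This is an added example, not part of the original message and not output generated by fw4; the table name, chain name, interface name, log prefix and rate values are assumptions chosen for illustration.

```nftables
# Constructed standalone ruleset for illustration only. The table, chain and
# interface names below are assumptions, not what fw4 generates.
table inet logdemo {
    chain input {
        type filter hook input priority filter; policy accept;

        ct state established,related accept
        iifname "lo" accept

        # Unlimited form (commented out): every rejected packet produces a
        # log line, so log volume grows with the rate of unwanted traffic.
        # iifname "eth1" log prefix "reject wan in: " reject

        # Rate-limited form: the limit expression matches at most 10 packets
        # per second (with a burst of 5). Only matching packets reach the log
        # statement. log is not a terminal statement, so evaluation continues
        # to the next rule either way.
        iifname "eth1" limit rate 10/second burst 5 packets log prefix "reject wan in: "

        # All packets from this interface are rejected, logged or not.
        iifname "eth1" reject
    }
}
```

Splitting the log and the reject into two rules is what keeps the verdict independent of the limiter: packets over the rate skip the log line but are still rejected.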