Great!
04.10.2012 16:52 ÐÏÌØÚÏ×ÁÔÅÌØ "Henning Brauer"
ÎÁÐÉÓÁÌ:
> * Tyler Morgan [2012-10-02 18:31]:
> > which links to: http://www.openbsd.org/faq/pf/filter.html#synproxy
> > which gets far from saying what Henning said.
>
> this has been fixed.
>
> --
> Henning Brauer, h...@bsws.de, henn...@ope
* Tyler Morgan [2012-10-02 18:31]:
> which links to: http://www.openbsd.org/faq/pf/filter.html#synproxy
> which gets far from saying what Henning said.
this has been fixed.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mai
On Tue, Oct 02, 2012 at 09:30, Tyler Morgan wrote:
> I would vote no based on:
>
> http://www.openbsd.org/faq/pf/example1.html
>
> "For an added bit of safety, we'll make use of the TCP SYN Proxy to
> further protect the web server."
>
> which links to: http://www.openbsd.org/faq/pf/filter.html#
I would vote no based on:
http://www.openbsd.org/faq/pf/example1.html
"For an added bit of safety, we'll make use of the TCP SYN Proxy to
further protect the web server."
which links to: http://www.openbsd.org/faq/pf/filter.html#synproxy
which gets far from saying what Henning said.
On 10/2
I think when a lot of newbies read the pf manual, they think oh...
synproxy looks like it does good things, and without really
understanding it, enable it by default?
On Tue, Oct 02, 2012 at 02:33:11PM +0200, Henning Brauer wrote:
> * David Diggles [2012-10-02 13:51]:
> > but is this clear for ne
* David Diggles [2012-10-02 13:51]:
> but is this clear for newbies who read all the faqs?
> On Tue, Oct 02, 2012 at 01:17:03PM +0200, Henning Brauer wrote:
> > it once again comes down to "think before pushing random buttons".
this basic principle SHOULD not need documentation :)
quite serious
On Tue, Oct 02, 2012 at 09:50:36PM +1000, David Diggles wrote:
> but is this clear for newbies who read all the faqs?
Well, it's not default. And almost often that is a sign the option is
not desirable for a typical setup.OB
-0tto
>
> On Tue, Oct 02, 2012 at 01:17:03PM +0200, Henning B
but is this clear for newbies who read all the faqs?
On Tue, Oct 02, 2012 at 01:17:03PM +0200, Henning Brauer wrote:
> * ?? [2012-08-23 08:44]:
> > 2012/8/23 Claudio Jeker
> > > On Thu, Aug 23, 2012 at 12:17:04AM +0600, ??? wrote:
> > > > why syn proxy is not enable
* Илья Шипицин [2012-08-23 08:44]:
> 2012/8/23 Claudio Jeker
> > On Thu, Aug 23, 2012 at 12:17:04AM +0600, ??? wrote:
> > > why syn proxy is not enabled by default ?
> > Because it has bad side-effects. Like accepting a connection before the
> > actual server accepted it. So it is hard t
2012/8/23 Claudio Jeker
> On Thu, Aug 23, 2012 at 12:17:04AM +0600, ??? wrote:
> > Hello!
> >
> >
> > we are running high load https server on OpenBSD, so there are questions
> on
> > performance:
> >
> > since we already had to increase kern.maxclusters value, I guess default
> > OpenBS
On Thu, Aug 23, 2012 at 12:17:04AM +0600, ??? wrote:
> Hello!
>
>
> we are running high load https server on OpenBSD, so there are questions on
> performance:
>
> since we already had to increase kern.maxclusters value, I guess default
> OpenBSD settings are not very well for high load
Can you describe 'high load' ?
On Thu, Aug 23, 2012 at 12:17:04AM +0600, Илья Шипицин wrote:
; Hello!
;
;
; we are running high load https server on OpenBSD, so there are questions on
; performance:
;
; since we already had to increase kern.maxclusters value, I guess default
; OpenBSD settings
Hello!
we are running high load https server on OpenBSD, so there are questions on
performance:
since we already had to increase kern.maxclusters value, I guess default
OpenBSD settings are not very well for high load https server ?
in order to protect our server from denial of service, we can e
13 matches
Mail list logo
