Hi Olivier, Reading through "Dropping packets at high rate" on bsdrp.org I found a good solution for a project. Unfortunately I could not be 100% sure if the ACL in Chelsio cards is drop-all by default or allow-all by default. I suppose it is allow-all by default. I don't have a spare card at the moment but would like to test if I can drop some packages destined to a server at a given port. Since I have only a production system at the moment I would like to ask you: - is it safe to add rules on the fly in BSDRP? - is it safe to implement drop only rules on a production server without breaking the other traffic (should I have an allow-all in the end)? I would like to test dropping all packets incoming on cxl0 from any host to host 192.168.1.122 with destination port 23. I suppose a rule like the following will do the job:
#cxgbetool t5nex0 filter 10 iport 0 action drop dip 192.168.1.122 dport 23 If I want this persistent I should create a script probably and start it with the system boot? How many rules can I plug in? Regards, Lyubomir
_______________________________________________ Bsdrp-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bsdrp-users
