> > In any case, he's got something else strange going on, because
> > his load under attack, according to his numbers, never gets above
> > the load you'd expect on 10Mbit old-style ethernet, so he's got
> > something screwed up; probably, he has a loop in his rules, and
> > a packet gets trapped and reprocessed over and over again (a
> > friend of mine had this problem back in early December).
>
> If I remember correctly he has less than 10Mbit
> uplink and a lot of count rules for client accounting.

Ahh, I remember now. Good point.

> It is the reason I recommend him to use userland accounting.

Or another (separate) box inline with the original firewall for
accounting.

> And as far as I understand a lot of count rules is
> the reason for trouble.

If this is the case, then I agree. A firewall that is under attack
should only be used as a firewall, not an accounting tool.

Nate