On small, embedded computers running ipfw w/ kernel NAT and device polling enabled (on em Ethernet adapters), I observed the *reported* system load grow very high. When disabling polling on the interfaces, it went back to something normal.
My impression is that the consensus among the core developers concerned with networking is that device polling is an ancient hack and is deprecated. In the case of a DDoS attack, there may be many other things to try at the infrastructure level: traffic diversion techniques like BGP flowspec, use of anycast, etc. On the individual server level, use stateful rules with GRED enabled, dropping most new TCP or UDP traffic based on load. That's a topic of its own...

- M