Is this possible using PF? We are using OBSD 3.6 (and newer if needed) as a network provider to ISPs. Customers southbound have viruses that send out 100 ARPs a second. This loads up the NAT table, therefore making the NAT box useless. I am trying to clear the NAT quicker, but this makes other services such as chat useless through NAT. The customers also send out other forms of broadcasts, hence, can PF prioritize them?
What suggestions do you have? Right now, the only solution is to put an L2/L3 router in front of the NAT boxes and route the privates northbound of router and NAT there. But it was nice to have the NAT box within the same VLAN as customers were in. Please let me know any other thoughts you might have. I love OpenBSD and have used it since 2.7.

Thanks,
Aaron Leach
iProvo Network Engineer