Hi, On Thu, 22.02.2007 at 22:36:21 +0100, Joachim Schipper <[EMAIL PROTECTED]> wrote: > Just filtering aggressively using pf works as well, of course.
it depends. My current impression is that if you can get away with having the TCP stack reject packets w/o spending the effort of running it through pf, than that's a performance benefit. But I'm not sure that the person asking will be in such a situation. Best, --Toni++
