On 3/5/07, Toni Mueller <[EMAIL PROTECTED]> wrote:
Hi,
On Thu, 22.02.2007 at 22:36:21 +0100, Joachim Schipper <[EMAIL PROTECTED]>
wrote:
> Just filtering aggressively using pf works as well, of course.
it depends. My current impression is that if you can get away with
having the TCP stack reject packets w/o spending the effort of running
it through pf, than that's a performance benefit. But I'm not sure that
the person asking will be in such a situation.
if someone sent you a packet they already wasted your bandwidth, so
the only thing you gain is minor performance benefit as the services
in question aren't wasting your RAM.
--
almir
