Thanks a lot. I've created a new ruleset for my pf.conf, and it improves so much. :)
On Thu, 27 Sep 2007 06:04:49 +0100, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2007/09/27 11:51, Reza Muhammad wrote:
>> > On Wed, 26 Sep 2007 11:37:28 -0700, "Can E. Acar" <[EMAIL PROTECTED]> wrote:
>> >> Reza Muhammad wrote:
>> ...
>> > also
>> >
>> > There is a lot of external broadcast traffic they are probably the cause of
>> > the large number of state insertions/deletions. They are either a badly designed
>> > p2p/broadcast/whatever protocol, or the result of the worm/malware of
>> > the month.
>> >
>> > Can you add
>> >
>> > block drop in quick on sis0 all
>> >
>> > at the start of your ruleset? This way the external traffic does not
>> > create states at all.
>> >
>> > Can
>> >
>>
>> Actually I've been noticing that my ISP has been broadcasting a lot of
>> things since I've been using them.
>> For example, I would get this type of message in /var/log/message all the time:
>> Sep 27 10:10:25 blowfish /bsd: arp: attempt to overwrite entry for 192.168.1.1 on lo0 by 00:02:6f:3e:14:59 on sis0
>>
>> Anyway, about the ruleset, since I'm also running a web server, and mail
>> server on this box, I shouldn't use block quick right?
>
> Ok, in that case,
>
> block in on sis0
> pass in on sis0 to port {http, smtp}
>
> etc.
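
Added example, not part of the original thread: a simplified Python model of pf's rule evaluation (last matching rule wins, `quick` stops evaluation) comparing the `block ... quick` rule with the `block` then `pass` pair suggested above. The `Rule` class, `evaluate` function, ports 80/25 for http/smtp and the sample noise port 137 are constructed for illustration, and the model assumes pass rules keep state by default.

```python
# Simplified model of pf evaluation semantics (illustrative, not pf's code).
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                             # "block" or "pass"
    iface: str
    ports: Optional[FrozenSet[int]] = None  # None matches any destination port
    quick: bool = False

    def matches(self, iface: str, dport: int) -> bool:
        return iface == self.iface and (self.ports is None or dport in self.ports)

def evaluate(rules: List[Rule], iface: str, dport: int) -> Tuple[str, bool]:
    """Return (action, creates_state) for one inbound packet."""
    action, matched = "pass", False         # pf's implicit default is pass
    for rule in rules:
        if rule.matches(iface, dport):
            action, matched = rule.action, True
            if rule.quick:                  # quick: stop at the first match
                break
    # Assumption: only a packet passed by an explicit rule creates a state entry.
    return action, matched and action == "pass"

SERVICES = frozenset({80, 25})              # http, smtp

# "block drop in quick on sis0 all" placed first, followed by the pass rule
QUICK_FIRST = [Rule("block", "sis0", quick=True), Rule("pass", "sis0", SERVICES)]
# "block in on sis0" followed by "pass in on sis0 to port {http, smtp}"
SUGGESTED = [Rule("block", "sis0"), Rule("pass", "sis0", SERVICES)]

def summarize(rules: List[Rule]) -> dict:
    # Constructed sample traffic: web, mail, and broadcast noise on port 137
    return {port: evaluate(rules, "sis0", port) for port in (80, 25, 137)}

if __name__ == "__main__":
    for name, rules in (("quick first", QUICK_FIRST), ("suggested", SUGGESTED)):
        print(name, summarize(rules))
```

With `quick` on the leading block rule the later pass rule is never reached, so the web and mail ports are dropped too; without it, only the two service ports are passed and create states, while the broadcast noise is blocked without a state entry.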