On Sat, 22 Mar 2014 22:39:36 -0700, Julian Elischer wrote:
> reposting with a useful subject line and more comments
>
> On 3/22/14, 10:33 PM, Julian Elischer wrote:
> >
> > in ipfw that's up to you..
> > but I usually put the check-state quite early in my rule sets.
> >
> On 3/22/14, 1:
On 3/23/14, 6:16 AM, Ian Smith wrote:
On Sat, 22 Mar 2014 22:39:36 -0700, Julian Elischer wrote:
> reposting with a useful subject line and more comments
>
> On 3/22/14, 10:33 PM, Julian Elischer wrote:
> >
> > in ipfw that's up to you..
> > but I usually put the check-state quite ea
On Sun, Mar 23, 2014 at 07:47:29AM -0700 I heard the voice of
Julian Elischer, and lo! it spake thus:
>
> comments welcome (bugs expected)
>
>
> /sbin/ipfw table add 13 0.0.0.0/8
> /sbin/ipfw table add 13 10.0.0.0/8
> /sbin/ipfw table add 13 169.254.0.0/16
> /sbin/ipfw table add 13 172.16.0.0/12
At 11:33 PM 3/22/2014, Julian Elischer wrote:
in ipfw that's up to you..
but I usually put the check-state quite early in my rule sets.
I don't, because I want packets to touch as few rules as possible
for the sake of
efficiency. One "check state" can cause an awful lot of work to be done!
On 3/23/14, 8:00 AM, Matthew D. Fuller wrote:
On Sun, Mar 23, 2014 at 07:47:29AM -0700 I heard the voice of
Julian Elischer, and lo! it spake thus:
comments welcome (bugs expected)
/sbin/ipfw table add 13 0.0.0.0/8
/sbin/ipfw table add 13 10.0.0.0/8
/sbin/ipfw table add 13 169.254.0.0/16
/sbin
On 3/23/14, 7:56 AM, Brett Glass wrote:
At 11:33 PM 3/22/2014, Julian Elischer wrote:
in ipfw that's up to you..
but I usually put the check-state quite early in my rule sets.
I don't, because I want packets to touch as few rules as possible
for the sake of
efficiency. One "check state" can
Thanks, Julian, this is sort of independent confirmation of something
I've been doing. I've heard folks complain about efficiency of NAT
(more so when using natd/DIVERT), and then saw that they matched every
packet on a nat rule - 2 or 4 times.
Some things I abstract from this:
Use tables for li
On 3/23/14, 10:08 AM, Michael Sierchio wrote:
Thanks, Julian, this is sort of independent confirmation of something
I've been doing. I've heard folks complain about efficiency of NAT
(more so when using natd/DIVERT), and then saw that they matched every
packet on a nat rule - 2 or 4 times.
Some
On Sun, Mar 23, 2014 at 4:31 PM, Julian Elischer wrote:
> but disabled rules still have a cost I believe as hey still need to be
> traversed,
> unless someone has been very smart..
This I did not know. I don't have many, but it's a small
disappointment, if true.
> It's a pitty that you need to
On Mon, Mar 24, 2014 at 1:14 AM, Michael Sierchio wrote:
> On Sun, Mar 23, 2014 at 4:31 PM, Julian Elischer
> wrote:
>
> > but disabled rules still have a cost I believe as hey still need to be
> > traversed,
> > unless someone has been very smart..
>
> This I did not know. I don't have many, but
Dear all,
I meet a problem that is ping another machine with Dummynet(bw 1Mbit/s
delay=10ms and plr=0.10). It says ping: sendto: No buffer space available.
I changed kern.ipc.nmbclusters and kern.ipc.nsfbufs from default to 32768.
The problem still happens.
PING 192.168.8.110 (192.168.8.110):
11 matches
Mail list logo
