On 11/02/2013 12:30 AM, Stefan Behte wrote: > Hi, > >> Why would you want to optimize DROP? Do you DROP more packets than you >> ACCEPT? > Yes. The poor servers behind the firewall gets flooded/DDoSed now and then, > so it's a very important use-case for me. The DROP rule I wrote would block a > DNS Amplification attack.
I think the pertinent question is: are you sure that the positioning of the DROP rule at present is actually causing a performance issue, and if so, how did you work that out? Regards, Paul ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
