Hi, thanks for the patch! Wouldn't it be nicer to have user-created DROP rules always in mangle? Also, I'd like not to distribute rules between several files, it's going to be a bit confusing.
Best regards, Stefan Behte -----Ursprüngliche Nachricht----- Von: Tom Eastep [mailto:[email protected]] Gesendet: Montag, 4. November 2013 02:06 An: [email protected] Betreff: Re: [Shorewall-devel] Shorewall DROP performance On 11/3/2013 10:21 AM, Stefan Behte wrote: > Hi, > >> What percentage of the incoming packets in your test matched the DROP >> rule? > > 100% in my testing environment. In production during DDoS, probably 99% or so. > >> What other rules do you have in the mangle table? > > None (except the ones shorewall created). > Attached is a patch which allows DROP rules to be defined in the tcrules file. That will have to do. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
