The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: comp.unix.bsd.openbsd.misc
From: Steven Schneider <steven_schnei...@telus.net>
Date: Sun, 30 Apr 2006 00:54:48 GMT
Local: Sun, Apr 30 2006 10:54 am
Subject: Re: PF inadequacy: queue download
* kestas....@gmail.com <kestas....@gmail.com> [2006-04-29]:
>> I haven't heard of any firewall that successfully could. If you're Obviously, I misunderstood. It's still true that the queuing >> being DDOSd, you're being DDOSd. No firewall with any special set >> of rules can improve your bandwidth in that case. If the pipe is >> filled, it's filled. > Yes, if you're being DDoSed then incoming traffic shaping won't do > anything, but if you're using TCP streams from cooperative hosts you > can shape incoming traffic very effectively; you drop packets, sender > realises packets are getting lost, sender slows down sending packets. > It works when you use the hack of queueing on the internal interface > when you're using NAT, it clearly works, so why can't you do it on a > single interface? actually occurs on your side of the firewall, and that it has to be on the outbound traffic. Now I might still be wrong, but I think that you want to control You may also want to look at I've found both of these sites to be sources of useful PF info. :-) -- You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||