<p>Lucky for you we have 4.8</p>
<div class="gmail_quote">On Jun 25, 2014 11:05 PM, "Predrag Punosevac" <<a href="mailto:punosevac72@gmail.com">punosevac72@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Zachary Crownover <<a href="mailto:zachary.crownover@gmail.com">zachary.crownover@gmail.com</a>> wrote:<br>
<br>
> Are you able to post your pf.conf? It could be the way you have it<br>
> configured, because I'm using it in numerous systems and don't see any<br>
> degradation in network performance.<br>
><br>
<br>
Here it is. I had a very hard time recalling pre-4.5 syntax :)<br>
<br>
ext_if="em0"<br>
<br>
NoRouteIPs="{127.0.0.0/8, 240.0.0.0/4, 0.0.0.0/8, 169.254.0.0/16}"<br>
table &lt;bruteforce&gt; persist<br>
table &lt;sshguard&gt; persist<br>
<br>
tcp_services = "{ssh, http, https, submission, 8080}"<br>
udp_services = "{domain, ntp}"<br>
<br>
<br>
set limit states 100000<br>
set block-policy return<br>
set optimization normal<br>
set loginterface egress<br>
set skip on lo<br>
<br>
scrub in all<br>
<br>
# filter rules<br>
block all<br>
block quick from &lt;bruteforce&gt;<br>
block in quick on egress proto tcp from &lt;sshguard&gt; \<br>
to any port ssh label "ssh bruteforce"<br>
<br>
antispoof quick for { lo }<br>
<br>
block drop in quick from urpf-failed to any<br>
block in on ! lo0 proto tcp to port 6000:6010<br>
<br>
pass out on $ext_if inet proto tcp from any to any port $tcp_services \<br>
keep state<br>
pass out on $ext_if inet proto udp from any to any port $udp_services<br>
pass log on $ext_if inet proto tcp from any to any port ssh \<br>
flags S/SA keep state \<br>
(max-src-conn 100, max-src-conn-rate 15/5, \<br>
overload &lt;bruteforce&gt; flush global)<br>
<br>
<br>
<br>
><br>
> On Wed, Jun 25, 2014 at 10:21 PM, Predrag Punosevac <<a href="mailto:punosevac72@gmail.com">punosevac72@gmail.com</a>><br>
> wrote:<br>
><br>
> > I am running<br>
> ><br>
> > backup1# uname -a<br>
> > DragonFly backup1.int.autonlab.org 3.8-RELEASE DragonFly v3.8.1-RELEASE<br>
> > #16: Mon Jun 16 21:36:15 PDT 2014<br>
> > <a href="mailto:justin@pkgbox64.dragonflybsd.org">justin@pkgbox64.dragonflybsd.org</a>:<br>
> > /usr/obj/build/home/justin/src/sys/X86_64_GENERIC<br>
> > x86_64<br>
> ><br>
> ><br>
> > After enabling PF, the network really slows down to the point that the server is<br>
> > unusable. ssh login hangs for about a minute. It looks very similar to this<br>
> > thread<br>
> ><br>
> > <a href="http://serverfault.com/questions/514046/pf-slows-traffic-extremely-down" target="_blank">http://serverfault.com/questions/514046/pf-slows-traffic-extremely-down</a><br>
> ><br>
> > and as a matter of fact I am using the em driver.<br>
> ><br>
> > Has anybody else noticed this?<br>
> ><br>
> > Predrag<br>
> ><br>
> ><br>
><br>
><br>
> --<br>
> Sincerely,<br>
><br>
> Zachary Crownover<br>
> mobile <a href="tel:%28310%29%20487-5573" value="+13104875573">(310) 487-5573</a><br>
</blockquote></div>