ipfw deprecation
Matthew Dillon
dillon at apollo.backplane.com
Tue Jun 27 11:01:40 PDT 2006
:Incoming bandwidth limitation makes not much sense. There's no local
:queue involved and the transfer did happen already. DOS protection on
:the end-system is difficult...
:
:Joerg
I'd say it is more situational, but still very important. I've used
incoming bandwidth limits on DNS servers. Any UDP service where the
incoming packet is much smaller then the outgoing packet can benefit.
By clamping the input you avoid the situation where your userland server
is grinding cpu to produce an output packet that would otherwise have to
be discarded.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Kernel
mailing list