Bug 211380

Summary: [handbook] Add rule to avoid packets that natd divert doesn't need to see
Product: Documentation
Reporter: Alan Hicks <ahicks>
Component: Documentation
Assignee: freebsd-doc mailing list <doc>
Status: New
Severity: Affects Only Me
Keywords: patch
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description: Patch to add firewall rule to example (Flags: none)
Description: igor -R test (Flags: none)

Description Alan Hicks 2016-07-26 11:55:16 UTC
Created attachment 172993
Patch to add firewall rule to example

natd can have higher utilisation when it sees unnecessary packets.

Adding a rule to send packets out that natd doesn't need to reduces CPU cycles.

For background see
https://lists.freebsd.org/pipermail/freebsd-ipfw/2013-February/005306.html

My testing and implementation reduced ~50% wcpu to < 1%
Comment 1 Alan Hicks 2016-07-26 11:57:33 UTC
Created attachment 172994
igor -R test