Created attachment 172993 [details] Patch to add firewall rule to example natd can have higher utilisation when it sees unnecessary packets. Adding a rule to send packets out that natd doesn't need to reduces CPU cycles. For background see https://lists.freebsd.org/pipermail/freebsd-ipfw/2013-February/005306.html My testing and implementation reduced ~50% wcpu to < 1%
Created attachment 172994 [details] igor -R test