Thats odd. I test that by flood pinging and otherwise bombing 2.0.x boxes
over 10baseT. 2.1 cleans this up with a netlink device that allows you
to receive the packets that the firewall bounces
> the kernel accounting of packets is implemented is more or less
> a bad joke performancewise.
Its designed for up to about 100 entries. I'd measure its performance
before assuming its a joke BTW. It works fine
Alan