https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217997
Max <maxi...@als.nnov.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |maxi...@als.nnov.ru --- Comment #1 from Max <maxi...@als.nnov.ru> --- (In reply to Robert Schulze from comment #0) Hello, Robert. >The problem is, that src-track table grows until no more entries can be > inserted. Although there are no states from a sample ip-address in the state >table, there are still references in the src-track table: > ># pfctl -vsS | grep -A1 $example-address >$example-address -> $www-addr ( states 4, connections 0, rate 0.0/0s ) > age 01:47:25, 4808 pkts, 1713437 bytes, rdr rule 0 > ># pfctl -sS | grep $example-address >(nothing shown) "rdr rule 0". I think it is something related to "sticky-address". Do you have any kernel messages? man pf.conf states: "Note that by default these associations are destroyed as soon as there are no longer states which refer to them; in order to make the mappings last beyond the lifetime of the states, increase the global options with set timeout src.track." And do you have "expires in" counter in "pfctl -vsS" output? -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"