On (2002/10/28 17:13), David F. Newman wrote: > So what is happening here is that my SMTP relay, 63.208.138.168, is > opening a connection to 12.9.224.52 on port 25 and the response > is being blocked. I get about 3000 of these a day and they are only > from 1 or 2 hosts which leads me to believe that it isn't the state > table filling up.
ipfstat -s will tell you for sure whether your state table is filling up. > I do have this rule for allowing outbound connections. > > pass out quick on hme0 proto tcp from 63.208.138.168/32 to any keep state It's missing "flags S", so I'd say your state table is filling up. Ciao, Sheldon.
