Hi there,
running FreeBSD 6.1 stable with:
ipf: IP Filter: v4.1.13 (416)
Kernel: IP Filter: v4.1.13
Running: yes
Log Flags: 0x20000000 = block
Default: block all, Logging: available
Active list: 1
Feature mask: 0xa
The state table was maxing out:
IP states added:
503251 TCP
103500 UDP
63074 ICMP
59277927 hits
31067012 misses
49128 maximum
0 no memory
44 bkts in use
9040 active
166568 expired
494217 closed
Our limits are:
net.inet.ipf.fr_statemax: 9041
net.inet.ipf.fr_statesize: 15370
If we run ipfstat -FS it only clears a few states. If I run ipfstat -sl
we only see a fraction of the states.
On previous versions ipfstat -FS always knocked the state table to
zero then it started building again.
Any suggestions?
Thanks,
--Wes