We have a firewall with OpenBSD 6.0 amd64 that handles about 1.5 Gbps of
traffic.
I noticed that for a few weeks the number of states has increased from
around 250,000 to almost 2 million (no change in PF config)!
At the same time the firewall started losing a few packets (around
1-2%, with peaks of 4%). Maybe this is due to too many states to handle?
How can we find what is happening and what creates all these states?
How can we analyse almost 2 million states to find the culprit?
Here is the current output of "pfctl -s info":
Status: Enabled for 13 days 23:14:21           Debug: err

State Table                          Total             Rate
  current entries                  1706364
  searches                    354572035074       293796.9/s
  inserts                      13973210023        11578.1/s
  removals                     13971503659        11576.7/s
Counters
  match                        14218985893        11781.8/s
  bad-offset                             0            0.0/s
  fragment                           60057            0.0/s
  short                              64825            0.1/s
  normalize                         574469            0.5/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                       4711605            3.9/s
  ip-option                            534            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                       455            0.0/s
  state-insert                        6598            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  translate                              0            0.0/s
  no-route                               0            0.0/s
Thank you for any suggestion.