From previous discussions (search the archives), this has nothing to do
with the userland memory available but with kernel data structures.

Also read the pf.conf(5) man page:

OPTIONS
     pf(4) may be tuned for various situations using the set command.

           interval   Interval between purging expired states and

[...snip...]
                 set limit states 10000


~BAS

On Wed, 20 Jun 2007, Florin Andrei wrote:

I am trying to approximate the maximum number of open TCP connections that an OpenBSD firewall can support at any given time.

The scenario here is a firewall with 2 interfaces, a bunch of Web servers behind it on private IP addresses, a fairly simple set of rules (NAT each server on a public IP address on the external interface, allow HTTP in, deny the rest).

How much memory is used by every new TCP connection that the firewall needs to keep track of? Will the firewall run into other problems before it runs out of memory? Will NAT use memory in the scenario described above?

--
Florin Andrei

http://florin.myip.org/



l8*
        -lava (Brian A. Seklecki - Pittsburgh, PA, USA)
               http://www.spiritual-machines.org/

    "Guilty? Yeah. But he knows it. I mean, you're guilty.
    You just don't know it. So who's really in jail?"
    ~Maynard James Keenan
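An added monitoring check, not part of this thread or of OpenBSD: it reads the state hard limit that "set limit states" configures (as pfctl -s memory reports it) and the current entry count (from pfctl -s info), and warns when the table nears the limit. The two sample outputs are constructed to match OpenBSD's pfctl layout and are an assumption; on a live firewall substitute the real command output.

```sh
#!/bin/sh
# Added example: compare the pf state table against its hard limit.
# SAMPLE_MEMORY and SAMPLE_INFO are constructed stand-ins for the
# output of `pfctl -s memory` and `pfctl -s info` (layout assumed).

SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit      500
tables        hard limit     1000
table-entries hard limit   200000'

SAMPLE_INFO='Status: Enabled for 0 days 00:10:53           Debug: err

State Table                          Total             Rate
  current entries                     8500
  searches                          123456           12.3/s
  inserts                             9001            0.9/s
  removals                             501            0.1/s'

# state_limit MEMORY_TEXT -> prints the "states hard limit" value
state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && $2 == "hard" { print $4 }'
}

# state_count INFO_TEXT -> prints the "current entries" value
state_count() {
    printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3 }'
}

# state_usage_pct MEMORY_TEXT INFO_TEXT -> integer percent of the limit in use
state_usage_pct() {
    limit=$(state_limit "$1"); count=$(state_count "$2")
    [ -n "$limit" ] && [ -n "$count" ] && [ "$limit" -gt 0 ] || return 1
    echo $(( count * 100 / limit ))
}

# check_states MEMORY_TEXT INFO_TEXT THRESHOLD -> 0 below threshold, 1 at/above
check_states() {
    pct=$(state_usage_pct "$1" "$2") || return 2
    if [ "$pct" -ge "$3" ]; then
        echo "WARNING: pf state table at ${pct}% of hard limit"
        return 1
    fi
    echo "OK: pf state table at ${pct}% of hard limit"
}

# Live use: check_states "$(pfctl -s memory)" "$(pfctl -s info)" 80
check_states "$SAMPLE_MEMORY" "$SAMPLE_INFO" 90
```

When the check warns, raise "set limit states" (and review the state timeouts) rather than adding RAM, since the limit is what bounds the kernel pool.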
