On Tue, Aug 31, 2010 at 1:26 AM, Tom tom.val...@gmail.com wrote:
worked great..
one firewall is 1.2.3 and it was exactly as you mentioned.
the other firewall is 1.2.2 and there is no set skip on pfsync line but I
added it in the same section before the
$rules .= "\n";
touched a rule to force
I forgot to mention that when this happens, I can still connect to other IPs
on the same firewall so it seems to be a per IP limit.
On Mon, Aug 30, 2010 at 6:46 PM, Tom tom.val...@gmail.com wrote:
We are running pfSense v: *1.2.2* and running ejabberd and we are unable
to have more than 10K
pfsrctrpl seems to translate to src-nodes
# pfctl -sm
states        hard limit 20
src-nodes     hard limit 1
frags         hard limit 5000
tables        hard limit 1000
table-entries hard limit 10
I can change the src-nodes limit by editing pf.cfg with the following
On Tue, Aug 31, 2010 at 12:43 AM, Tom tom.val...@gmail.com wrote:
pfsrctrpl seems to translate to src-nodes
Edit /etc/inc/filter.inc, find these two lines:
$rules .= "\n";
$rules .= "set skip on pfsync0\n";
above those, add:
$rules .= "set limit src-nodes 23456\n";
or
worked great..
one firewall is 1.2.3 and it was exactly as you mentioned.
the other firewall is 1.2.2 and there is no set skip on pfsync line but I
added it in the same section before the
$rules .= "\n";
touched a rule to force the firewall reload and the numbers show up as
expected.
# pfctl -sm
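
An added example, not part of the thread: a POSIX sh check that the limits printed by `pfctl -sm` meet the minimums you expect after the filter reload described above. The sample output, the function names `pf_limit` and `check_limits`, and the `NAME=MIN` argument form are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify pf memory-pool limits after editing filter.inc.

# Constructed sample in the layout `pfctl -sm` prints (values are made up,
# except 23456, which is the src-nodes value used in the thread).
SAMPLE_LIMITS='states        hard limit   200000
src-nodes     hard limit    23456
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   100000'

# pf_limit NAME
# Reads `pfctl -sm` text on stdin and prints NAME's hard limit.
# Exits non-zero when the pool name is not present in the output.
pf_limit() {
    awk -v name="$1" '
        $1 == name && $2 == "hard" && $3 == "limit" { print $4; found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_limits TEXT NAME=MIN [NAME=MIN ...]
# Prints one line for every limit that is missing or below its minimum.
# Returns non-zero if any check fails, so it can gate a cron or monitor job.
check_limits() {
    text=$1; shift
    rc=0
    for spec in "$@"; do
        name=${spec%%=*}
        want=${spec#*=}
        if ! have=$(printf '%s\n' "$text" | pf_limit "$name"); then
            echo "MISSING $name"; rc=1
        elif [ "$have" -lt "$want" ]; then
            echo "LOW $name have=$have want=$want"; rc=1
        fi
    done
    return $rc
}

# On the firewall itself:
#   check_limits "$(pfctl -sm)" src-nodes=23456
```

A non-zero return after a reload or upgrade means the running ruleset no longer carries the `set limit src-nodes` line.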