state table filled up?

[Greg Hennessy]

> I suspect this may have been my state table filling up.
> 

For a high traffic'd internet facing service such as Freshports, running
pfstat, symon or even the pf snmp mibs loaded into something such as Cacti
is not optional. 

They would have kept track of firewall state table utilisation over time. 

As a short term measure. 

 pfctl -si

will tell you how many entries are in the state table. 


Greg