9-BETA3 "current entries" growing indefinitely
Florian Smeets
flo at FreeBSD.org
Tue Oct 4 21:39:50 UTC 2011
On 04.10.11 23:06, Bradley W. Dutton wrote:
> Hi,
>
> I just updated an 8-STABLE box to 9-BETA3 and have a problem where PF
> keeps growing the "current entries" indefinitely. I saw another person
> with a similar issue:
> http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/f350be446d1914d8?pli=1
>
> But I didn't get any reply.
>
> I rebuilt world again once more after the initial 8-STABLE upgrade to
> see if it would fix itself but no luck. My firewall rules haven't
> changed and from what I've read I shouldn't need to change anything for
> this update. Anyone have any ideas? Flusing states will clear out the 34
> states but won't clear the current entries. I've had to do the following
> in pf.conf to keep my home router up for more than a day:
> set limit states 1600000 # this used to be 30k
>
Hi,
this is a known problem, and it's being worked on. A workaround is to
use the pf module and not compile it into the kernel.
HTH,
Florian
More information about the freebsd-pf
mailing list