set limit { states X, frags Y } not working - buggy?
Eduardo Meyer
dudu.meyer at gmail.com
Tue Jan 23 12:38:07 UTC 2007
Hello,
I have some doubts. First let me introduce my problem. Sometimes,
using pf route-to, the machines behind my NAT box can't start new
sessions/connections, and on the box itself I get "Operation not
permitted" when this problem happens. I suspected it was a limit on
the number of states. Since the problem happens whenever it wants, I
tried to reproduce the behavior by lowering the state limits, and to
my surprise, I get a number of states way higher than the limit.
Please see:
# pfctl -s memory
states hard limit 5000
src-nodes hard limit 10000
frags hard limit 2500
# pfctl -s info | grep "current entries"
current entries 13770
What am I confusing here, or should this really not happen?
--
===========
Eduardo Meyer
pessoal: dudu.meyer at gmail.com
profissional: ddm.farmaciap at saude.gov.br
More information about the freebsd-pf mailing list