PF is blocking inbound/outbound ssh, nothing else
Gavin Spomer
spomerg at cwu.EDU
Wed Sep 3 01:19:49 UTC 2008
>>> Alex Trull <alex at trull.org> 09/02/08 3:22 PM >>>
> > Gavin,
> >
> > Could mean you've maxed out your connection states pf
> >
> > if you've got a default amount of states, that means a 10k
> > state limit - check the output of the following for the
> > current states:
> >
> > pfctl -s all | grep current
> >
> > if it's at 10k or thereabouts, raise it :)

Thanks Alex. It says current entries is 0. What does that mean?

> > set limit { states 20000 }
> >
> > obviously, 20000 may still be too small, see how it scales
> > once you've raised the limits.

I tried setting it all the way to 100000. Still no change.

> >
> > You may also have run out of source ports, but that is
> > another kettle of fish.

What do you mean by that? If this part is not relevant to this list, could you please email off-list, maybe point me in the right direction? If you are referring to tcp/udp ports, I am running a LOT of stuff on this server!

> > --
> > Alex

Obviously I'm still quite the newb to pf, so I'll look at some more info... do my homework. The "pfctl -s all" is a great tip. Thanks. Looks like lots of good info there, just need to figure out what it all means. :)

- Gavin
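
An added example, not part of the original messages: a shell version of the check discussed above, comparing pf's "current entries" count with the states hard limit. The `pfctl -s info` and `pfctl -s memory` text is constructed sample output, and the function names and the 90% threshold are assumptions of this example.

```sh
#!/bin/sh
# Constructed, abridged sample of `pfctl -s info` output (not from a real host).
SAMPLE_INFO='Status: Enabled for 3 days 04:12:09           Debug: Urgent

State Table                          Total             Rate
  current entries                     9870
  searches                        48211934          175.6/s
  inserts                           812345            3.0/s
  removals                          802475            2.9/s'

# Constructed sample of `pfctl -s memory` output.
SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Print the "current entries" count from `pfctl -s info` text on stdin.
current_states() {
    awk '/current entries/ { print $3; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Print the states hard limit from `pfctl -s memory` text on stdin.
state_limit() {
    awk '$1 == "states" && $2 == "hard" { print $4; found = 1; exit }
         END { if (!found) exit 1 }'
}

# state_usage INFO MEMORY -> "current limit percent verdict"
# The 90% warning threshold is an assumption of this example, not a pf default.
state_usage() {
    cur=$(printf '%s\n' "$1" | current_states) || return 2
    lim=$(printf '%s\n' "$2" | state_limit) || return 2
    [ "$lim" -gt 0 ] || return 2
    pct=$(( cur * 100 / lim ))
    if [ "$cur" -eq 0 ]; then
        verdict="empty"        # no states tracked, so the limit is not being hit
    elif [ "$pct" -ge 90 ]; then
        verdict="near-limit"   # raising `set limit states` is worth testing
    else
        verdict="ok"
    fi
    echo "$cur $lim $pct $verdict"
}

# Demo on the constructed samples; on a live host (as root) use:
#   state_usage "$(pfctl -s info)" "$(pfctl -s memory)"
state_usage "$SAMPLE_INFO" "$SAMPLE_MEMORY"
```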