9-BETA3 "current entries" growing indefinitely
Bradley W. Dutton
brad-fbsd-pf at duttonbros.com
Tue Oct 4 21:22:50 UTC 2011
Hi,
I just updated an 8-STABLE box to 9-BETA3 and have a problem where PF
keeps growing the "current entries" indefinitely. I saw another person
with a similar issue:
http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/f350be446d1914d8?pli=1
But I didn't get any reply.
I rebuilt world again once more after the initial 8-STABLE upgrade to
see if it would fix itself but no luck. My firewall rules haven't
changed and from what I've read I shouldn't need to change anything
for this update. Anyone have any ideas? Flushing states will clear out
the 34 states but won't clear the current entries. I've had to do the
following in pf.conf to keep my home router up for more than a day:

    set limit states 1600000 # this used to be 30k

Thanks,
Brad
pfctl -ss | wc -l
34

pfctl -si
Status: Enabled for 3 days 13:53:17           Debug: Urgent

Interface Stats for em0               IPv4             IPv6
  Bytes In                      3305522392                0
  Bytes Out                      425326123                0
  Packets In
    Passed                         3651954                0
    Blocked                          25784                0
  Packets Out
    Passed                         2919432                0
    Blocked                            737                0

State Table                          Total             Rate
  current entries                   229706
  searches                        45831728          148.2/s
  inserts                           229706            0.7/s
  removals                               0            0.0/s
Counters
  match                             287626            0.9/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                       264            0.0/s
  state-insert                           1            0.0/s
  state-limit                            0            0.0/s
  src-limit                             62            0.0/s
  synproxy                            2194            0.0/s
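
Added example, not part of the original post: a shell check for the mismatch reported above, where "current entries" keeps climbing while `pfctl -ss` lists only a handful of states. The helper names `si_field` and `check_state_leak`, the `SLACK` tolerance and the embedded sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare pf's "current entries"
# counter with the number of states pf can actually list.

# Constructed sample: State Table figures copied from the `pfctl -si` output above.
SAMPLE_SI='State Table                          Total             Rate
  current entries                   229706
  searches                        45831728          148.2/s
  inserts                           229706            0.7/s
  removals                               0            0.0/s'

# si_field NAME (hypothetical helper): `pfctl -si` text on stdin,
# prints the Total column of the row whose label is NAME.
si_field() {
    awk -v name="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, name " ") == 1 {
            split(substr(line, length(name) + 1), f, " ")
            print f[1]; exit
        }'
}

# check_state_leak LISTED (hypothetical helper): LISTED is the output of
# `pfctl -ss | wc -l`; `pfctl -si` text is read from stdin.
# Returns 0 = consistent, 1 = counter far above the listing, 2 = parse error.
# SLACK is an assumed tolerance for states created or expired between reads.
check_state_leak() {
    listed=$(($1 + 0))            # also strips the padding BSD wc adds
    slack=${SLACK:-100}
    si=$(cat)
    current=$(printf '%s\n' "$si" | si_field "current entries")
    removals=$(printf '%s\n' "$si" | si_field "removals")
    if [ -z "$current" ] || [ -z "$removals" ]; then
        echo "UNKNOWN: State Table counters not found"; return 2
    fi
    if [ $((current - listed)) -gt "$slack" ]; then
        echo "LEAK: current entries=$current, listed states=$listed, removals=$removals"
        return 1
    fi
    echo "OK: current entries=$current, listed states=$listed"
}

# Offline run on the sample; on a live router use:
#   pfctl -si | check_state_leak "$(pfctl -ss | wc -l)"
printf '%s\n' "$SAMPLE_SI" | check_state_leak 34 || true
```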