[Bug 222126] pf is not clearing expired states

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Sep 28 07:59:21 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #26 from hlh at restart.be ---
The first time I detected this problem was when a computer was not allowed a
connection to the internet. I checked the gateway (the pine64 running CURRENT)
and found the 'PF states limit reached' in /var/log/messages. Then I ran pftop
and saw that there was a huge number of states.

Rebooting the gateway solved the problem. I dug further and found the workaround.

I added
set limit { states 30000, src-nodes 20000, frags 20000 }
to /etc/pf.conf.

Then I regularly checked with pftop. For more than one week, no problem. But I
continued to check and it occurred again.

I have to check only from time to time because even when the problem arises, the
limit of 30000 is large enough to allow for new connections to be established
for some time...
