Date: Tue, 23 Jan 2007 10:09:23 -0200
From: "Eduardo Meyer" <dudu.meyer@gmail.com>
To: freebsd-pf@freebsd.org
Subject: set limit { states X, frags Y } not working - buggy?
Message-ID: <d3ea75b30701230409v45c621ccubb7e243b8423d3cf@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, I have some doubts. First let me introduce you my problem. Sometimes, using pf route-to, the machines behind my NAT box can't start new sessions/connections, and on the box itself I get "Operation not permitted" when this problem happens. I suspected it was a limit on the number of states. Since the problem happens whenever it wants, I tried to reproduce the behavior lowing down the states limits, and for my surprise, I get a number of states way too higher than the limit. Please, see: # pfctl -s memory states hard limit 5000 src-nodes hard limit 10000 frags hard limit 2500 # pfctl -s info | grep "current entries" current entries 13770 What am I confusing here, or this really should not happen? -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d3ea75b30701230409v45c621ccubb7e243b8423d3cf>