From: Florian Smeets
Date: Tue, 04 Oct 2011 23:39:48 +0200
To: "Bradley W. Dutton"
Cc: freebsd-pf@FreeBSD.org
Subject: Re: 9-BETA3 "current entries" growing indefinitely

On 04.10.11 23:06, Bradley W. Dutton wrote:
> Hi,
>
> I just updated an 8-STABLE box to 9-BETA3 and have a problem where PF
> keeps growing the "current entries" indefinitely. I saw another person
> with a similar issue:
> http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/f350be446d1914d8?pli=1
>
> But I didn't get any reply.
>
> I rebuilt world again once more after the initial 8-STABLE upgrade to
> see if it would fix itself but no luck. My firewall rules haven't
> changed and from what I've read I shouldn't need to change anything for
> this update. Anyone have any ideas? Flushing states will clear out the 34
> states but won't clear the current entries. I've had to do the following
> in pf.conf to keep my home router up for more than a day:
> set limit states 1600000 # this used to be 30k
>

Hi,

this is a known problem, and it's being worked on. A workaround is to use the pf module and not compile it into the kernel.

HTH,
Florian