Date: Thu, 28 Sep 2017 07:59:21 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Message-ID: <bug-222126-17777-oFaXykku6o@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-222126-17777@https.bugs.freebsd.org/bugzilla/>
References: <bug-222126-17777@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #26 from hlh@restart.be ---
The first time I detected this problem was when a computer was not allowed a
connection to the internet. I checked the gateway (the pine64 running CURRENT)
and found the 'PF states limit reached' in /var/log/messages. Then I ran pftop
and saw that there was a huge number of states. Rebooting the gateway solved
the problem.

I dug further and found the workaround. I added

set limit { states 30000, src-nodes 20000, frags 20000 }

to /etc/pf.conf.

Then I regularly checked with pftop. For more than one week, no problem. But I
continued to check and it occurred again. I have to check only from time to
time because even when the problem arises, the limit of 30000 is large enough
to allow for new connections to be established for some time...

-- 
You are receiving this mail because:
You are the assignee for the bug.
