From owner-freebsd-pf@freebsd.org Fri Oct 2 16:17:12 2020 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1A99D430D96 for ; Fri, 2 Oct 2020 16:17:12 +0000 (UTC) (envelope-from kisscoolandthegangbang@hotmail.fr) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-oln040092075076.outbound.protection.outlook.com [40.92.75.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C2w9y419Xz4N77 for ; Fri, 2 Oct 2020 16:17:10 +0000 (UTC) (envelope-from kisscoolandthegangbang@hotmail.fr) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cdG/p7Rk5tdzHaUC5v1/9W1aza9Xj34iVdcVKWe4Hi7gVCqBfuF/cMTl0XYjwfv54jYyldlElPiB3N1a9YEYbYSY3zCXXRnqeHo/hM9GQuDP16gQNVIZ0G0K+2u/xJnsPEItUFV1BvI54lOnKzcbZYgnHe/s9pNCeLrr+CMSaSmrqkKv0D4CflkSZHHcrkcj9f5JQIJInPEeLOLPkFt1GII9+YaK82BzTbL9ooL0OpoGWIvVdz7Oh+0tCT4UsiLNN5I2V55oHyHDdFseOg6bL7WxUxqsIqti5AbNfnhbah6pIOIMhnoTYmjdpMJRjOlI1IHX9zouG4L0n88AKTrkhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rZN6w0oF+lDmhr1P5ZsfCntzd8KvzzD2/r55il0wz2o=; b=YKH5Gq4OF6enM52JVo/7s1yNW/KguoCUOFFPoNjwAv+l0esXAhdKo2+ypx/ezxoiGLwFSLi2Cw5phi6LIrBMpuHOK9x6witOj1sDqJstRvIK/K2+CPybtUkLlNmIrmkv6xH71LmKNGcKP5xk3OL8U/Q339dKZGcryP8Trj+SxHxrxIrtqA/BAy8PuqfSU3TTU1kqDPlX6Ay2KNueuV8sSRhpH+/abiiKfYUwuThzT+jgWsO256Hs3HtnS5/VUkkQjKHMzPwvazkqrGPcJv7dCFCxVj4A+AdEeu6zRwyUjOCJNJzMiiUXwJz0RZr0jnLVRGl86H5tpsc+Dnj0jARBug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Received: from HE1EUR04FT035.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0d::50) by HE1EUR04HT004.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0d::107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.34; Fri, 2 Oct 2020 16:17:08 +0000 Received: from VE1PR03MB5629.eurprd03.prod.outlook.com (2a01:111:e400:7e0d::49) by HE1EUR04FT035.mail.protection.outlook.com (2a01:111:e400:7e0d::294) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.34 via Frontend Transport; Fri, 2 Oct 2020 16:17:08 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:95B426C7B3A301E86ABF934A0D0B6AD23617293347E9FF0C6418B1194EC3A054; UpperCasedChecksum:5E61DCBFCDBB8F8D965D813A2CAC74A8A5993DD625F44C44D2471465F05B9A4E; SizeAsReceived:8026; Count:47 Received: from VE1PR03MB5629.eurprd03.prod.outlook.com ([fe80::3440:3970:7a3a:b48f]) by VE1PR03MB5629.eurprd03.prod.outlook.com ([fe80::3440:3970:7a3a:b48f%7]) with mapi id 15.20.3433.038; Fri, 2 Oct 2020 16:17:08 +0000 Date: Fri, 2 Oct 2020 18:18:34 +0200 From: kaycee gb To: freebsd-pf@freebsd.org Subject: Re: PF states limit reached Message-ID: In-Reply-To: <489adbd3-4400-0cf8-31f1-45509af31925@quip.cz> References: <489adbd3-4400-0cf8-31f1-45509af31925@quip.cz> X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.31; x86_64-slackware-linux-gnu) Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-TMN: [J+r5c3vvZfWSm68/vMnxiSwIyC5sp/3q] X-ClientProxiedBy: AM4P190CA0015.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:56::25) To VE1PR03MB5629.eurprd03.prod.outlook.com (2603:10a6:803:11e::30) X-Microsoft-Original-Message-ID: <20201002181834.0079e7db@slackstro.home.lan> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from mail.lacabanedeladmin.trickip.net (93.1.37.139) by AM4P190CA0015.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:56::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.32 via Frontend Transport; Fri, 2 Oct 2020 16:17:08 +0000 Received: from slackstro.home.lan ([172.16.93.19]) (authenticated bits=0) by mail.lacabanedeladmin.trickip.net (8.15.2/8.15.2) with ESMTPSA id 092GH5P7031654 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 2 Oct 2020 18:17:06 +0200 (CEST) (envelope-from kisscoolandthegangbang@hotmail.fr) X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 47 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 14b1bdf3-3805-4b93-7d74-08d866ee9c34 X-MS-TrafficTypeDiagnostic: HE1EUR04HT004: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: sH204k9Xx5EGow117jaencL/DdSl84y3QBUBajyRwvkRWFwIMZnMmbj1syQdcHF1+4+7MDsk5SUlcznFm+CEvZUDwsl6yyyQJNIkKFH+UedFVKj5T/HU5fryji3uLb56wfMum3XyY90Z2g1wKDrcP6Tj9r/iVxn9DikdH+Rd1XUBiSwvnWruzAflyBYHu9RcVlD+iu2cDNCzZ492N2hkv3YgPnYKZfml86QGJwDEX+GsffYO+kWFDhLEOaviJqm5 X-MS-Exchange-AntiSpam-MessageData: mPfjrebBloq6fcEbbT88uEd8so8Fay8ZJRBt6aLytnTjX3jpm7kThVyD4DTazvTjqTJIiAqNvIR1CCjHTcRi+bBtP3xGaQMVodNR2g1U1CnfzPNVTCSZQBWa4DxsS1z7aMoad+0LI6uKm6yRP+2rAw== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 14b1bdf3-3805-4b93-7d74-08d866ee9c34 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Oct 2020 16:17:08.4698 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: HE1EUR04FT035.eop-eur04.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR04HT004 X-Rspamd-Queue-Id: 4C2w9y419Xz4N77 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=hotmail.fr; spf=pass (mx1.freebsd.org: domain of kisscoolandthegangbang@hotmail.fr designates 40.92.75.76 as permitted sender) smtp.mailfrom=kisscoolandthegangbang@hotmail.fr X-Spamd-Result: default: False [-4.36 / 15.00]; RCVD_TLS_LAST(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[6]; RECEIVED_SPAMHAUS_PBL(0.00)[93.1.37.139:received]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[hotmail.fr]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; TO_DN_NONE(0.00)[]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.98)[-0.981]; NEURAL_HAM_MEDIUM(-0.98)[-0.976]; R_SPF_ALLOW(-0.20)[+ip4:40.92.0.0/15]; NEURAL_HAM_SHORT(-0.60)[-0.600]; DMARC_POLICY_ALLOW(-0.50)[hotmail.fr,none]; RCVD_IN_DNSWL_NONE(0.00)[40.92.75.76:from]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[hotmail.fr]; ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US]; MIME_TRACE(0.00)[0:+]; MAILMAN_DEST(0.00)[freebsd-pf]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.92.75.76:from] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Oct 2020 16:17:12 -0000 Le Fri, 2 Oct 2020 17:54:13 +0200, Miroslav Lachman <000.fbsd@quip.cz> a =E9crit : > On 02/10/2020 16:44, kaycee gb wrote: > > Le Fri, 2 Oct 2020 14:59:44 +0200, > > Miroslav Lachman <000.fbsd@quip.cz> a =E9crit : > > =20 > [...] =20 >=20 > [...] >=20 > [...] =20 > > If you have a little set of rules, you can add a "no state" or "no-stat= e" to > > the rule, check in man page, I am not sure about the syntax right now. > >=20 > > There may be also an option to change the default behaviour to not add = "keep > > state" automatically. Once again looking in man page may help. > >=20 > > And that is strange, I agree, maybe some optimisation/option is the cul= prit. > > But I don't know where to look. What version of FreeBSD are you using ?= That > > may help others =20 >=20 > I am sorry, it is on FreeBSD 11.4-p4 amd64. >=20 > I tried to read man page, maybe not so carefully, but didn't found how=20 > to turn automatic keep state off. I also tried to search on the net=20 > without any luck. >=20 Looking quickly, can't find too. Maybe I was thinking about "set state-defaults".=20 I'm afraid you'll have to use "no state" manually for each rule.=20 > Thank you >=20 > Miroslav Lachman > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=20