From owner-freebsd-ipfw@FreeBSD.ORG Thu May 15 16:28:52 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51CCB1065671 for ; Thu, 15 May 2008 16:28:52 +0000 (UTC) (envelope-from vivek@khera.org) Received: from yertle.kcilink.com (myrtle.kcilink.com [66.250.193.116]) by mx1.freebsd.org (Postfix) with ESMTP id 26C118FC1C for ; Thu, 15 May 2008 16:28:51 +0000 (UTC) (envelope-from vivek@khera.org) Received: from host-121.int.kcilink.com (host-121.int.kcilink.com [192.168.7.121]) by yertle.kcilink.com (Postfix) with ESMTP id BA0DB8A0AD; Thu, 15 May 2008 12:09:39 -0400 (EDT) Message-Id: <6ADAB997-FAA4-43B8-AB57-3CC4A04F3700@khera.org> From: Vivek Khera To: FreeBSD Stable In-Reply-To: <482C0A89.104@FreeBSD.org> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v919.2) Date: Thu, 15 May 2008 12:09:39 -0400 References: <04EA1C34-AB7D-4A85-8A91-DED03E987706@khera.org> <482C07DE.3090504@yandex.ru> <482C0A89.104@FreeBSD.org> X-Mailer: Apple Mail (2.919.2) Cc: freebsd-ipfw@freebsd.org Subject: Re: how much memory does increasing max rules for IPFW take up? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2008 16:28:52 -0000 On May 15, 2008, at 6:03 AM, Bruce M. Simpson wrote: > Having said that the default tunable of 256 state entries is > probably quite low for use cases other than "home/small office NAT > gateway". The deafult on my systems seems to be 4096. My steady state on a pretty popular web server is about 400, on a busy inbound mail server, around 800 states. I need to account for peaks much higher, though. Luckily most of my connections are short-lived. Thanks for the answers!