[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipf states overload ?

To: misc@openbsd.org
Subject: ipf states overload ?
From: Wojciech Scigala <wojtus@wojtus.net>
Date: Sun, 19 Nov 2000 03:33:16 +0100

Hello,

After I've redesigned my firewall to use keep-state and keep-frags
feature, I'm experiencing wierd behaviour of my OpenBSD (still 2.6)
box. After some days of continous work as a router and firewall, TCP connections
from machines behind this router/firewall goes very long to set up or
even don't set up at all.

I've found only one primitive solution for this - resetting ipf states, by ipf
-FS, or by ipf -D ; ipf -f /etc/ipf.rules -E

- immediately after that all TCP starts to work fine for the next 2-3 days.

The machine isn't very strong - intel 166, 40MB RAM - but load
averages never exceed 2% and there's still free memory and unused
swap. Anyway this looks like some kind of ipf overload.

-- 
Wojtuś.net
FidoNet: 2:484/47

Follow-Ups:
- Re: ipf states overload ?
  - From: Seth Arnold <sarnold@willamette.edu>
- Re: ipf states overload ?
  - From: Jan Johansson <jan@wenf.org>
- Re: ipf states overload ?
  - From: Camiel Dobbelaar <cd@sentia.nl>

Prev by Date: Re: dial up
Next by Date: Re: ipf states overload ?
Prev by thread: Re: CLosing Ports
Next by thread: Re: ipf states overload ?
Index(es):
- Date
- Thread