[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and stalled connections

To: "'Henning Brauer'" <lists-openbsd@bsws.de>, <misc@openbsd.org>
Subject: Re: PF and stalled connections
From: "Dom De Vitto" <dom@DeVitto.com>
Date: Thu, 2 Jan 2003 14:16:02 -0000
Organization: Secure Technologies Ltd.

And for comparison, CheckPoint Firewall-1 (and VPN-1) has a fixed,
but tunable (in the GUI now!) state table size of 25,000 entries.
and it's about 500 entries per MB of RAM, ish.

So PF looks much better :-)
 
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 


-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of Henning Brauer
Sent: Thursday, January 02, 2003 1:55 PM
To: misc@openbsd.org
Subject: Re: PF and stalled connections


On Thu, Jan 02, 2003 at 01:45:03PM -0000, Dom De Vitto wrote:
> Can anyone 64mb, 128mb, or 256mb results?
> Can anyone post "big" states table sizes?

the rule of thub is 1k states per meg of ram.
64 MB -> 64k states
128 MB -> 128k states etc

my busiest production machine (128MB) peaks at about 35k states at the
moment.

-- 
http://2suck.net/hhwl.html
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Follow-Ups:
- Re: PF and stalled connections
  - From: Henning Brauer <lists-openbsd@bsws.de>

References:
- Re: PF and stalled connections
  - From: Henning Brauer <lists-openbsd@bsws.de>

Prev by Date: Re: PF and stalled connections
Next by Date: Re: PF and stalled connections
Prev by thread: Re: PF and stalled connections
Next by thread: Re: PF and stalled connections
Index(es):
- Date
- Thread