I would like to do that, but the system is a SCO Openserver and ipfilter is installed as a binary package (SCO don't distribute any ipfilter's source files for the Openserver kernel).
By the way I'm flushing the state table at 02:00am (there shouldn't by any users using the system at that time), but it isn't a solution at all. Do you know some way to keep the filter secure but don't keep state of tcp proxy outgoing connections?. > > have you tried increasing the size of the state table? > see ip_state.h in the source tree. > > for more details refer to > http://marc.theaimsgroup.com/?l=ipfilter&m=101617663930873&w=2 > and > http://marc.theaimsgroup.com/?l=ipfilter&m=100020469419411&w=2 > > one thing you should definitely consider is lowering > the default 'incomplete state' timeout. on that note, > glean from this: > http://home.earthlink.net/~jaymzh666/ipf/IPFsolaris.html#10 > > jim > > > > Alejandro Valdez wrote: > > Hello, > > > > > My server state table fill up once a day. The output from the > > ipfstat -s says that it has 2048 entries, where: > > > That server is running squid proxy server > Alejandro Valdez
