Mangesh wrote:
Dear Scott,
I am using OpenBSD 3.0 with ipfilter 3.4.35 and it is handling a good
amount of traffic.
I have increased IPSTATE_SIZE from 5737 to 500 009 and
IPSTATE_MAX from 4013 to 350 003
and it is currently working fine for me.
I have tried with OpenBSD 3.5 with ipfilter 4.1.3; it works for low
traffic, but if traffic goes up then the machine gets dump and I have to
restart the machine, so I think you should not use this combination in a
production environment (Anybody on the list using this combination?)
I used 4.1.2, 4.1.3 and 4.1next with OpenBSD 3.5. I had to patch 4.1.2
to get it usable, but even with the recent 4.1next we have issues with
the ipfilter box stalling every now and then.
Did you use the ipf ftp-proxy nat module with 4.1.3? I had the feeling
that the stalls may be related to NAT'ed ftp traffic. Not sure about
that though.
So I would urge you not to use 4.1.3 right now. Sorry, but I can't tell
you anything about 3.4.x on OpenBSD since my rule set makes heavy use of
macros (to make it editable by ppl not speaking ipfilter). As far as I
know, 3.4.x does not support macros, so I can't downgrade to it.
-- Attila
Regards
Mangesh
Scott wrote:
I was wondering what the best (most stable) version of IPFilters would
be for a production Solaris 9 box. I had issues with 4.1.3 and can't
have my boxes drop on me..
Thanks..
Scott