Darren, I noticed on another box that it looks like this:

IP states added:
        446043 TCP
        735333 UDP
        21536 ICMP
        80110891 hits
        47075066 misses
        0 maximum
        0 no memory
        92 bkts in use
        92 active
        756869 expired
        445951 closed


bkts and active pretty much matching up.


But on the box that is having the issue (and a bunch more traffic and connections)

IP states added:
        503251 TCP
        103500 UDP
        63074 ICMP
        59277927 hits
        31067012 misses
        49128 maximum
        0 no memory
        44 bkts in use
        9040 active
        166568 expired
        494217 closed


When I check the state table I see about 44 connections, certainly not 9 thousand by any means, if this helps at all.

Almost seems like the count is not decrementing or something once the state is actually cleared.

Thanks,

--Wes

On Aug 14, 2006, at 12:03 PM, Darren Reed wrote:

Hi there,

running FreeBSD 6.1 stable with:

ipf: IP Filter: v4.1.13 (416)
Kernel: IP Filter: v4.1.13
Running: yes
Log Flags: 0x20000000 = block
Default: block all, Logging: available
Active list: 1
Feature mask: 0xa

..
If we run ipfstat -FS it only clears a few states. If I run ipfstat -sl
we only see a fraction of the states.


On previous versions ipfstat -FS always knocked the state table to
zero then it started building again.

I think you mean "ipf -FS".  Try "ipf -FS -Fs".

Darren


