For what it's worth, I'm having exactly the same problem with orphan states
in the state table. );
Running 4.1.15 on Solaris 10 x64 on an X2100 M2.
ipf -FS -Fs isn't able to clear them and the box just finally dies...
This can be seen below.
After attempting to clear state the "active connections" is still set to the
system's maximum:
[EMAIL PROTECTED] <[EMAIL PROTECTED]> sudo ipfstat -s
IP states added:
136609 TCP
6275 UDP
34 ICMP
6020652 hits
27459457 misses
2032 maximum
0 no memory
1 bkts in use
18131 active
6311 expired
118478 closed
State logging enabled
State table bucket statistics:
1 in use
0.00% bucket usage
0 minimal length
1 maximal length
1.000 average length
and
[EMAIL PROTECTED] sudo ipnat -s
mapped in 477958 out 481050
added 23525 expired 0
no memory 0 bad nat 24
inuse 0
rules 6
wilds 0
I've got another firewall running v3.4 on NetBSD and it hums just fine. It
appears to be a v4 bug ?
Regards
Corey.
On 12/9/06, Darren Reed <[EMAIL PROTECTED]> wrote:
In order to analyse this problem some more...
There is a patch attached to this email that will keep "orphans" in the
