If it is an upper layer protocol that is using up all of the pf states, can rules be created automatically that would block individuals from doing this, or do I have to manually create a rule? Please let me know.
Thanks,
Aaron
iProvo Network Engineer

On 6/18/05, tony sarendal <[EMAIL PROTECTED]> wrote:
> On 19/06/05, Aaron Leach <[EMAIL PROTECTED]> wrote:
> > Is proxy ARP running by default on a typical BSD install? I am talking
> > about ARPs. The only traffic I can see coming into the box is ARP when
> > I do a network trace. As soon as I disable the customer, NAT returns
> > to normal as far as the entries are concerned. I enable the customer
> > and then I start increasing the table entries. I may be clueless, but
> > I thought BSD did not do proxy ARP with the default install.
> >
>
> I don't believe it does proxy ARP by default, but I'm just guessing. I
> don't see how ARPs would generate states in PF; some real traffic is
> probably causing that.
>
> What does pfctl -s states say?
> Have a look into the man page for pf.conf, stateful tracking options,
> max-src-states and others. You can limit the number of states allowed by
> one host, and some other useful stuff as well.
>
> /Tony
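As an added illustration (not from anyone in this thread) of the stateful tracking options Tony points to, the pf.conf fragment below shows a plain stateful rule next to one that caps states per source and automatically adds an over-limit source to a blocking table. Assumptions: the interface name `em0`, the customer range `10.0.0.0/24`, the table name `state_hogs`, the numeric limits, and a pf that includes `overload` (OpenBSD 3.7 or later; older FreeBSD ports of pf lack it).

```pf
# Added example; interface, network, table name and limits are assumed.
ext_if       = "em0"
customer_net = "10.0.0.0/24"

# Sources that exceed the limits below land in this table; "persist"
# keeps it across ruleset reloads so a block survives a pfctl -f.
table <state_hogs> persist

# Drop traffic from an overloaded source on any interface, in either
# direction, before it can create new state. "quick" ends evaluation here.
block quick from <state_hogs>

# Weak version: nothing stops one host from filling the whole state table.
#pass out on $ext_if from $customer_net keep state

# Hardened version for TCP. max-src-states only refuses the extra state;
# it is max-src-conn / max-src-conn-rate that trigger "overload", which
# adds the source to <state_hogs>. "flush global" then kills every state
# that source already holds, not just the ones from this rule.
pass out on $ext_if proto tcp from $customer_net keep state \
    (source-track rule, max-src-states 200, max-src-conn 100, \
     max-src-conn-rate 15/5, overload <state_hogs> flush global)

# Other protocols have no handshake for the connection limits to count,
# so here the per-source state cap is the only automatic brake.
pass out on $ext_if proto { udp icmp } from $customer_net keep state \
    (source-track rule, max-src-states 100)

# Checking what is going on (shell commands, shown here as comments):
#   pfctl -s states                 # live states; shows which source owns them
#   pfctl -s Sources                # per-source counters kept by source-track
#   pfctl -t state_hogs -T show     # sources that were blocked automatically
#   pfctl -t state_hogs -T delete 10.0.0.55   # release one host again
```

Sources only leave the table when removed by hand (or by a periodic `pfctl -t state_hogs -T expire` run from cron), so watch the table rather than assuming blocks time out on their own.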

