On Wed, Feb 15, 2023 at 01:39:54PM +0100, Lars Bonnesen wrote:
> One says:
>
> # pfctl -s info
> Status: Enabled for 0 days 10:56:43           Debug: err
>
> State Table                          Total             Rate
>   current entries                    91680
>   half-open tcp                       4032
>   searches                      3132304294        79494.1/s
>   inserts                         60916552         1546.0/s
>   removals                        60824872         1543.7/s
> Counters
>   match                           79164265         2009.1/s
>   bad-offset                             0            0.0/s
>   fragment                               1            0.0/s
>   short                                  0            0.0/s
>   normalize                              0            0.0/s
>   memory                           1768012           44.9/s
>   bad-timestamp                          0            0.0/s
>   congestion                          1201            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                          387            0.0/s
>   state-mismatch                  82794949         2101.2/s
>   state-insert                         230            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s
>   translate                              0            0.0/s
>   no-route                               0            0.0/s
>
> The other says:
>
> # pfctl -s info
> Status: Enabled for 0 days 10:39:38           Debug: err
>
> State Table                          Total             Rate
>   current entries                    93847
>   half-open tcp                       8441
>   searches                      3900545422       101634.9/s
>   inserts                         69463584         1810.0/s
>   removals                        69369737         1807.5/s
> Counters
>   match                          752203697        19599.9/s
>   bad-offset                             0            0.0/s
>   fragment                               0            0.0/s
>   short                                  0            0.0/s
>   normalize                              2            0.0/s
>   memory                            212454            5.5/s
>   bad-timestamp                          0            0.0/s
>   congestion                             0            0.0/s
>   ip-option                              0            0.0/s
>   proto-cksum                            0            0.0/s
>   state-mismatch                  33380332          869.8/s
>   state-insert                           0            0.0/s
>   state-limit                            0            0.0/s
>   src-limit                              0            0.0/s
>   synproxy                               0            0.0/s
>   translate                              0            0.0/s
>   no-route                               0            0.0/s
>
> What does that tell us?

That you need to increase the state limit in pf. pfctl -s info should not
report any memory error. pfctl -sm will show you the current limits.
pf.conf(5) has info on how to increase the limit (set limit).

-- 
:wq Claudio
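
The check described in the reply above, as an added example that is not part of the original thread: it reads the memory counter from `pfctl -s info` output and prints it beside the states hard limit from `pfctl -sm`. The function names are hypothetical, the info sample is a subset of the first firewall's output quoted above, and the `pfctl -sm` sample lines are constructed.

```shell
# Constructed sample: a few lines of the first firewall's output quoted above.
sample_info() {
cat <<'EOF'
State Table                          Total             Rate
  current entries                    91680
Counters
  match                           79164265         2009.1/s
  memory                           1768012           44.9/s
  state-mismatch                  82794949         2101.2/s
EOF
}

# Constructed sample of `pfctl -sm` output; the limit values are assumptions.
sample_limits() {
cat <<'EOF'
states        hard limit   100000
src-nodes     hard limit    10000
EOF
}

# pf_value LABEL: print the Total column of the line that starts with LABEL.
pf_value() {
    awk -v label="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (index(line, label " ") == 1) {   # anchored, so "match" != "state-mismatch"
            split(substr(line, length(label) + 1), f)
            print f[1]
            exit
        }
    }'
}

# pf_limit NAME: print the hard limit for NAME from `pfctl -sm` output.
pf_limit() {
    awk -v name="$1" '$1 == name && $2 == "hard" { print $4; exit }'
}

# pf_check INFO LIMITS: print a summary; return non-zero if memory > 0.
pf_check() {
    mem=$(printf '%s\n' "$1" | pf_value memory)
    cur=$(printf '%s\n' "$1" | pf_value "current entries")
    lim=$(printf '%s\n' "$2" | pf_limit states)
    echo "states ${cur}/${lim}, memory counter ${mem}"
    [ "${mem:-0}" -eq 0 ]
}

# On a live system: pf_check "$(pfctl -s info)" "$(pfctl -sm)"
pf_check "$(sample_info)" "$(sample_limits)" ||
    echo "memory counter is non-zero: raise 'set limit states' in pf.conf"
```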