Alexey, > > pf is VERY fast on stateful filtering (while searching states). memory > is the bottleneck (if number of states is high) but it is VERY easy to > deal nowadays: 2x512Mb of DDR RAM costs less than $100. > > or maybe firewall's CPU is slow?... post dmesg if permitted... > > "-k" kills states which you busted manually by src.track. i think you > should try less complicated setup without src.track. >
In this case to keep in the same serving I will have that to leave the values of very great tcp.closing and tcp.closed, keeping in firewall states unnecessary. Thanks!! -- Diego Linke Public Key: http://www.gamk.com.br/gamk.asc
