Darren Reed wrote:
Jens Elkner wrote:
Finally (in July 2009, i.e. almost 2 years later!!!) it turned out,
that the state table size is by far too small - see fr_statemax in
ipf -T list | awk '/fr_state/ { print $1, $7 }'
So the sun case engineer explained, if ipf can not insert an entry into
the state table, it just _continues_ evaluating the rules that follow.
I couldn't believe my eyes!!! What a crap!!!
Well, what would you have it do?
On "secure by default" grounds, drop the packet. And bump a counter.
- Jeremy
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
