How did I miss that? Probably panic mode.
Once again I am awed by and indebted to this list. Thanks for the prompt response!
jw
On Mon, 23 Aug 2004, Mike Frantzen wrote:
My first thought is to cron a job, once a minute, to monitor the number of states in `pfctl -s info` ... if any single minute yields an increase of more than 50,000 states, then I flush all states and reload the ruleset. Is there a better way to contain disaster? With ipfilter, I tweaked kernel settings such as NKMEMCLUSTERS and NMBCLUSTERS to obscenely high numbers (such as 16K). Any other kernel tweaks? Or better yet, anything within pf to directly contain such a state runaway scenario?
see adaptive.start and adaptive.end in the pf.conf man page
.mike
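An added example, not code from this thread: a POSIX shell sketch of the per-minute `pfctl -s info` check jw describes, with the adaptive timeout settings Mike points to noted in pf.conf form. The 50,000 threshold is jw's; the state limit and adaptive values are assumptions, and the pfctl output is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread. It implements the per-minute
# check jw described (parse `pfctl -s info`, alarm on a jump of more than
# 50,000 states) and notes the adaptive timeouts Mike pointed to. The
# threshold, state limit and adaptive values below are assumptions.

# Print the "current entries" figure from pfctl -s info output on stdin.
state_count() {
    awk '/current entries/ { print $3; exit }'
}

# True (exit 0) when new minus old is above the threshold.
state_jump_exceeds() {
    old=$1 new=$2 threshold=$3
    [ $((new - old)) -gt "$threshold" ]
}

# One cron tick: read the previous count from file $1, store $2 as the
# new baseline, and report whether the jump exceeded $3.
check_tick() {
    statefile=$1 current=$2 threshold=$3
    previous=0
    [ -r "$statefile" ] && previous=$(cat "$statefile")
    printf '%s\n' "$current" > "$statefile"
    state_jump_exceeds "$previous" "$current" "$threshold"
}

# Constructed sample of pfctl -s info output (not captured from a host).
SAMPLE_INFO='Status: Enabled for 0 days 01:02:03           Debug: Urgent

State Table                          Total             Rate
  current entries                    61234
  searches                          987654           20.0/s
  inserts                            61234            1.0/s
  removals                               0            0.0/s'

# The fix Mike points at lives in pf.conf rather than cron: once the table
# passes adaptive.start, pf scales state timeouts down linearly, reaching
# zero at adaptive.end, so a runaway is contained without flushing every
# legitimate state. The pf.conf man page defaults are 60% and 120% of the
# state limit; the values here are assumed:
#   set limit states 100000
#   set timeout { adaptive.start 60000, adaptive.end 120000 }

# Stand-alone demo on the constructed sample; in cron, feed `pfctl -s info`.
count=$(printf '%s\n' "$SAMPLE_INFO" | state_count)
if state_jump_exceeds 1000 "$count" 50000; then
    echo "state jump of $((count - 1000)) exceeds threshold"
fi
```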
