But if I disable S/SA for internal -> out, then I would get wrong state tables from in -> out and the wrong queue would be assigned, and my state table would be overwhelmed again (esp. at times of FW reset).
Now, I am sure I know the reason for the outbound blocks: those are all inactive connections, killed from the state table due to the time limit, so not important. It must be. The OS netstat count may increase, but that is also not important because of the OS's established timeout. If I can find what TCP flags I should put in place of S/SA as the tcp option to describe the beginning of the communication, I will be very happy.
