Re: Simple PF Router/Firewall/NAT requirements: was Performance optimizing OpenBSD 7.2

2023-02-15 Thread patric conant 
no

On Wed, Feb 15, 2023 at 10:21 PM Steve Litt 
wrote:

> Claudio Jeker said on Wed, 15 Feb 2023 14:14:11 +0100
>
>
> >I think the state-mismatch is a result of hitting the state limit and
> >not the other way around.  At over 90'000 states the default timeouts
> >are reduced by more than 50% and so states are removed too soon
> >resulting in a state-mismatch.
> >
> >So first bump the limit up and then look at the counters again.
>
> Within the next three months I'll be building a hardware (not VM)
> OpenBSD machine with pf filtering to Route, firewall and NAT between my
> house's IPV4 192.168.0.0/24 network and the Internet. My Internet is
> about 26Mbit down and 3.5Mbit up. Do you think I'll need to worry about
> state limits, states or state-mismatches?
>
> Thanks,
>
> SteveT
>
> Steve Litt
> Autumn 2022 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/bookstore/thrive.htm
>
>

-- 
Patric Conant
Mirage Computing Lead Consultant
@MirageComputing on twitter
https://m.facebook.com/MirageComputing/
316 409 2424

Simple PF Router/Firewall/NAT requirements: was Performance optimizing OpenBSD 7.2

2023-02-15 Thread Steve Litt 
Claudio Jeker said on Wed, 15 Feb 2023 14:14:11 +0100


>I think the state-mismatch is a result of hitting the state limit and
>not the other way around.  At over 90'000 states the default timeouts
>are reduced by more than 50% and so states are removed too soon
>resulting in a state-mismatch.
>
>So first bump the limit up and then look at the counters again.

Within the next three months I'll be building a hardware (not VM)
OpenBSD machine with pf filtering to Route, firewall and NAT between my
house's IPV4 192.168.0.0/24 network and the Internet. My Internet is
about 26Mbit down and 3.5Mbit up. Do you think I'll need to worry about
state limits, states or state-mismatches?

Thanks,

SteveT

Steve Litt 
Autumn 2022 featured book: Thriving in Tough Times
http://www.troubleshooters.com/bookstore/thrive.htm