On 03.08.2017 06:42, Emille Blanc wrote:
> 005: RELIABILITY FIX: May 6, 2017
> Expired pf source tracking entries never got removed, leading to memory
> exhaustion.
> ref: https://www.openbsd.org/errata61.html
Thanks for the pointer! Problem gone after running syspatch (such a cool
tool!).
/m
On 02.08.2017 19:39, Steve Williams wrote:
Hi,
I apologize! I just got educated :)
Without reading your original email without attention to detail, I
assumed your overload was to a table called "Sources".
eg... overload flush global
I was not aware of the existance of the "Sources" table.
Hi,
I apologize! I just got educated :)
Without reading your original email without attention to detail, I
assumed your overload was to a table called "Sources".
eg... overload flush global
I was not aware of the existance of the "Sources" table. Now I am! lol.
I did confirm that the
On 02.08.2017 16:07, Steve Williams wrote:
> pfctl -t Sources -T flush
Thanks for the hints. The above yields an error here:
# pfctl -t Sources -T flush
pfctl: Table does not exist.
pfctl(8) is rather clear on the topic:
...
-F modifier
Flush the filter parameters specified by
Hi,
Sources is a table, so you need to use the Table commands to flush it.
pfctl -t Sources -T flush
To give you an idea...
I have a "blocklist" that I am keeping updated hourly from
http://lists.blocklist.de/
I've found the maximum number of hosts on my system in a table is
somewhere
There does seem to be a timer that is set to expire, but it does not
seem to work:
# pfctl -s Sources -vv
...
a.b.c.d ( states 0, connections 0, rate 0.0/0s )
age 11:41:50, expires in 00:00:00, 33 pkts, 11524 bytes, rule 582
e.f.g.h ( states 0, connections 0, rate 0.0/0s )
age 12:24:25,
Hi all
I have a pair of OBSD 6.1 firewalls, on which some rules require source
tracking, i.e. have a max-src-conn or similar statement as in:
pass log quick on { em0 vlan1 } inet proto tcp from any to
port { 80, 443 } modulate state ( max-src-conn 50,
max-src-conn-rate 25/5, overload flush
7 matches
Mail list logo
