pfsrctrpl seems to translate to src-nodes
# pfctl -sm
states hard limit 200000
src-nodes hard limit 10000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 100000
I can change the src-nodes limit by editing pf.cfg with the following
set limit { src-nodes 23456 }
and then running
pfctl -f pf.cfg
this shows the following changes
src-nodes hard limit 23456
and
pfsrctrpl: 124, 23467, 2635, 7378, 650614, 336039
but I lose access to the firewall.
When I reload the firewall it resets the src-nodes
In addition to the above, I added the following line to the top <System>
section of the /cf/conf/config.xml
<max-src-nodes>23456</max-src-nodes>
but it still didn't work.
On Mon, Aug 30, 2010 at 6:49 PM, Tom <[email protected]> wrote:
> I forgot to mention that when this happens, I can still connect to other
> IPs on the same firewall so it seems to be a per IP limit.
>
>
> On Mon, Aug 30, 2010 at 6:46 PM, Tom <[email protected]> wrote:
>
>> We are running pfSense v: *1.2.2* and running ejabberd and we are unable
>> to have more than 10K connections to the same IP.
>>
>> While searching for the settings, we found the following:
>>
>> vmstat -z
>>
>> ITEM SIZE LIMIT USED FREE REQUESTS FAILURES
>> .
>> pfsrctrpl: 124, 10013, 9803, 210, 592703, 332183
>> .
>> .
>>
>> pfsrctrpl seems to be our issue.. What is this and how can we change it?
>>
>> Advanced Options on the rule we are having trouble with is blank so it
>> should be used.
>> We've tried setting it to 15000 and that didn't make any difference.
>>
>> Firewall Maximum States: is set to 100000 and we also tried to change it
>> to 200000
>>
>> Any ideas?
>> thanks,
>> tom
>>
>
>
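
Added example, not part of the thread: a POSIX sh function that reads `vmstat -z` output and reports pf zones (such as pfsrctrpl above) whose USED is close to LIMIT or whose FAILURES counter is non-zero. The first sample row uses the figures quoted in the thread; the pfstatepl row and the names pf_zone_pressure and sample_vmstat_z are constructed for illustration.

```shell
#!/bin/sh
# Column order follows the header quoted in the thread:
#   ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES

# pf_zone_pressure [PCT]
# Reads `vmstat -z` text on stdin. Prints one line per pf* zone whose
# USED/LIMIT is at least PCT percent (default 90) or whose FAILURES is non-zero.
pf_zone_pressure() {
    awk -v pct="${1:-90}" '
    {
        colon = index($0, ":")
        if (colon == 0) next                 # header, blank or "." filler line
        name = substr($0, 1, colon - 1)      # zone names may contain spaces
        if (name !~ /^pf/) next              # only pf zones are of interest here
        n = split(substr($0, colon + 1), f, ",")
        if (n < 6) next                      # not a full zone row
        limit = f[2] + 0; used = f[3] + 0; fail = f[6] + 0
        # LIMIT 0 means the zone is unbounded, so there is no percentage to report
        use = (limit > 0) ? int(used * 100 / limit) : 0
        if (use >= pct + 0 || fail > 0)
            printf "%s used=%d limit=%d pct=%d failures=%d\n", \
                   name, used, limit, use, fail
    }'
}

# Constructed sample input. Row 1 carries the values quoted in the thread,
# row 2 is made up to show a zone that is not under pressure.
sample_vmstat_z() {
    cat <<'EOF'
ITEM                     SIZE     LIMIT      USED      FREE  REQUESTS  FAILURES
pfsrctrpl:                124,    10013,     9803,      210,   592703,   332183
pfstatepl:                392,   200000,     1500,      500,   100000,        0
EOF
}

# On a live firewall: vmstat -z | pf_zone_pressure 90
sample_vmstat_z | pf_zone_pressure 90
```

FAILURES is a running counter, so a zone stays flagged after its limit is raised; compare two readings taken some time apart to see whether allocations are still failing.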