worked great.. one firewall is 1.2.3 and it was exactly as you mentioned. the other firewall is 1.2.2 and there is no "set skip on pfsync" line but I added it in the same section before the $rules .= "\n";

touched a rule to force the firewall reload and the numbers show up as expected.

# pfctl -sm
states        hard limit   200000
src-nodes     hard limit    23456
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   100000

pfsrctrpl: 124, 23467, 5047, 1215, 18262, 0

thanks,
tom

On Tue, Aug 31, 2010 at 1:03 AM, Chris Buechler <[email protected]> wrote:
> On Tue, Aug 31, 2010 at 12:43 AM, Tom <[email protected]> wrote:
> > pfsrctrpl seems to translate to src-nodes
>
> Edit /etc/inc/filter.inc, find these two lines:
>        $rules .= "\n";
>        $rules .= "set skip on pfsync0\n";
>
> above those, add:
>        $rules .= "set limit src-nodes 23456\n";
>
> or whatever number you want it to be. Save changes, edit and save a
> rule and apply changes to kick off a filter reload. That take care of
> it?
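
Added example, not part of the original thread and not pfSense code: a small sh check that the limit pf has actually loaded (as printed by `pfctl -sm`) matches the `set limit` line in the generated ruleset, which is the verification step described above. The function names are hypothetical and both sample inputs are constructed from the values quoted in the thread; on a live firewall you would pass in the real `pfctl -sm` output and ruleset text instead.

```shell
# Constructed sample: `pfctl -sm` output as quoted in the message above.
SAMPLE_STATUS='states        hard limit   200000
src-nodes     hard limit    23456
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   100000'

# Constructed sample: the ruleset lines the edited filter.inc would emit.
SAMPLE_RULES='set limit src-nodes 23456
set skip on pfsync0'

# Print the limit pf reports for pool $1, reading `pfctl -sm` text on stdin.
limit_from_status() {
    awk -v pool="$1" '$1 == pool && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# Print the limit requested for pool $1 in ruleset text on stdin.
# Handles "set limit src-nodes N" and "set limit { states N, src-nodes M }".
limit_from_rules() {
    tr '{},' '   ' | awk -v pool="$1" '
        $1 == "set" && $2 == "limit" {
            for (i = 3; i < NF; i++) if ($i == pool) { print $(i + 1); exit }
        }'
}

# check_limit POOL STATUS_TEXT RULES_TEXT
# Returns 0 on match, 1 on mismatch, 2 when the ruleset sets no limit for POOL.
check_limit() {
    want=$(printf '%s\n' "$3" | limit_from_rules "$1")
    have=$(printf '%s\n' "$2" | limit_from_status "$1")
    if [ -z "$want" ]; then
        echo "$1: no 'set limit' in ruleset, pf default in effect (loaded: ${have:-unknown})"
        return 2
    fi
    if [ "$want" = "$have" ]; then
        echo "$1: ok, loaded limit $have matches ruleset"
        return 0
    fi
    echo "$1: MISMATCH, ruleset asks for $want but pf reports ${have:-nothing}"
    return 1
}

check_limit src-nodes "$SAMPLE_STATUS" "$SAMPLE_RULES"
```

A mismatch (return 1) usually means the filter reload has not happened yet, which is why the thread says to edit and save a rule after changing filter.inc.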
