Hi
I'm having a problem with PF since time ago and i can't solve it (FreeBSD 11.1-RELEASE-p8). It's appears randomly (sometimes when there is more traffic, sometimes not, about 1 to 5 times per month), the message is:
kernel: [zone: pf states] PF states limit reached
This drops all connections until i do restart the pf service. I was trying to increment the limits to big big numbers but that doesn't resolv the problem:
set limit { states 800000, frags 400000, src-nodes 300000 }
set timeout { adaptive.start 18000, adaptive.end 39000 } # note: i tried adding this, but doesn't work
'Pfctl -si' shows:
'pfctl -sm':
The system is a VM in VMWare. I have this problem with different configs in pf.conf. I have this problem ussually in one of the VMs but sometimes it happens in other VMs
I googled a lot but i can't solve this.
Any ideas? Thank you
I'm having a problem with PF since time ago and i can't solve it (FreeBSD 11.1-RELEASE-p8). It's appears randomly (sometimes when there is more traffic, sometimes not, about 1 to 5 times per month), the message is:
kernel: [zone: pf states] PF states limit reached
This drops all connections until i do restart the pf service. I was trying to increment the limits to big big numbers but that doesn't resolv the problem:
set limit { states 800000, frags 400000, src-nodes 300000 }
set timeout { adaptive.start 18000, adaptive.end 39000 } # note: i tried adding this, but doesn't work
'Pfctl -si' shows:
Code:
Status: Enabled for 0 days 01:55:25 Debug: Urgent
Interface Stats for vmx0 IPv4 IPv6
Bytes In 201676094 540906
Bytes Out 1274748598 1157607
Packets In
Passed 1065152 2725
Blocked 7017 0
Packets Out
Passed 573385 2501
Blocked 19 0
State Table Total Rate
current entries 700
searches 1650824 238.4/s
inserts 64402 9.3/s
removals 335 0.0/s
Counters
match 73832 10.7/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 41 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
map-failed 0 0.0/s
'pfctl -sm':
Code:
states hard limit 800000
src-nodes hard limit 300000
frags hard limit 400000
table-entries hard limit 200000
The system is a VM in VMWare. I have this problem with different configs in pf.conf. I have this problem ussually in one of the VMs but sometimes it happens in other VMs
I googled a lot but i can't solve this.
Any ideas? Thank you