[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: IPfilter changes?
- From: dl at leo.org (Daniel Lang)
- Date: Tue Apr 22 07:03:47 2003
Martin Stiemerling wrote on Tue, Apr 22, 2003 at 03:21:34PM +0200:
> Ah, ok, So you are running out of state table entries...
Oh well. Thats a statement I can use. :)
> That's OK, i.e. no out of memory problems within IP Filter.
> Would be nice to see the "State table bucket statistics" output from the
> end of ipfstat -s.
The buckets and active states kept changing, around 1500-4000+.
I talked to our netadmin, who told me, that this could be the problem.
In my ruleset I seems to carry _lots_ of unnecessary state information
around. I changed this to keep state only for outgoing connection
and flags S/SA set.
I will see, how it behaves.
Thanks a lot so far.
IRCnet: Mr-Spock - Agartim billiard bumba m'abdul in papejim twista
- rumba rock n rolla. Leik'ab mai. Spirzon Heroin se'osit gaula. -
- Marijuana esit gaula. Haschisch. Opis. -
Daniel Lang * dl_(_at_)_leo_(_dot_)_org * +49 89 289 18532 * http://www.leo.org/~dl/
Visit your host, monkey.org