[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and stalled connections

To: <misc@openbsd.org>
Subject: Re: PF and stalled connections
From: "Dom De Vitto" <dom@DeVitto.com>
Date: Wed, 1 Jan 2003 21:04:02 -0000
Organization: Secure Technologies Ltd.

I think Henning means:
The state table grows/shrinks appropriately.

So (unlike other firewalls) you NEVER "run out" until you run out of
RAM (and maybe not even then - is the area swappable? Is any part of
the Obsd kernel swappable?)

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom@devitto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 


-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of Henning Brauer
Sent: Tuesday, December 31, 2002 1:56 AM
To: misc@openbsd.org
Subject: Re: PF and stalled connections


On Mon, Dec 30, 2002 at 02:34:57PM -0800, David S. wrote:
> The OP's 'pf.conf' contained
> 
> 	# pass all packets
> 	pass in on $ext all keep state
> 	pass out on $ext all keep state
> 	pass in on $int all keep state
> 	pass out on $int all keep state
> 	---------------pf.conf----------------
> 
> Keeping state on everything could over-load the state table under 
> heavy traffic.

please stop spreading lies.

Follow-Ups:
- Re: PF and stalled connections
  - From: Henning Brauer <lists-openbsd@bsws.de>

Prev by Date: Re: Encryption Accelerators
Next by Date: PF locking up, with following error
Prev by thread: Re: problem installing from MSDOS partition
Next by thread: Re: PF and stalled connections
Index(es):
- Date
- Thread