[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and stalled connections

To: misc@openbsd.org
Subject: Re: PF and stalled connections
From: Henning Brauer <lists-openbsd@bsws.de>
Date: Thu, 2 Jan 2003 11:03:59 +0100
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
References: <20021231015609.GD25023@skywalker.bsws.de> <001001c2b1d9$4fef0800$7215a9d9@devitto.com>

On Wed, Jan 01, 2003 at 09:04:02PM -0000, Dom De Vitto wrote:
> I think Henning means:
> The state table grows/shrinks appropriately.

yes. to exhaust the state table (which in theory is possible) without
setting a very low limit you'd have to have a _lot_ of connections.

> So (unlike other firewalls) you NEVER "run out" until you run out of
> RAM (and maybe not even then - is the area swappable? Is any part of
> the Obsd kernel swappable?)

well we acquire memory via pool(9), that is not swappable.

Follow-Ups:
- Re: PF and stalled connections
  - From: "Dom De Vitto" <dom@DeVitto.com>

References:
- Re: PF and stalled connections
  - From: "Dom De Vitto" <dom@DeVitto.com>

Prev by Date: Re: AntiVirus for sendmail
Next by Date: Re: httpd modules
Prev by thread: Re: PF and stalled connections
Next by thread: Re: PF and stalled connections
Index(es):
- Date
- Thread