[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF and stalled connections

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: PF and stalled connections
From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
Date: Thu, 2 Jan 2003 15:19:07 +0100
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Thu, Jan 02, 2003 at 02:16:02PM -0000, Dom De Vitto wrote:
> And for comparison, CheckPoint Firewall-1 (and VPN-1) has a fixed,
> but tunable (in the GUI now!) state table size of 25,000 entries.
> and it's about 500 entries per MB of RAM, ish.
> 
> So PF looks much better :-)

sure it does ;-)

there is a default size of 10000 entries for the state table in -current
(and thus will be in 3.3 and up), though that's easily tuneable by using
"set limit states somenumber" in pf.conf. we believe that 10k is big enough
for most installations while still beeing small enough for very low memory
machines. and it's soooo easy to change ;-)

-- 
http://2suck.net/hhwl.html
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

References:
- Re: PF and stalled connections
  - From: Henning Brauer
- Re: PF and stalled connections
  - From: Dom De Vitto

Prev by Date: Re: PF and stalled connections
Next by Date: Re: PF and stalled connections
Previous by thread: Re: PF and stalled connections
Next by thread: Re: PF and stalled connections
Index(es):
- Date
- Thread

Visit your host, monkey.org