From owner-freebsd-pf@FreeBSD.ORG  Fri Dec 18 11:51:10 2009
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 408F3106566C
	for <freebsd-pf@freebsd.org>; Fri, 18 Dec 2009 11:51:10 +0000 (UTC)
	(envelope-from gofdp-freebsd-pf@m.gmane.org)
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
	by mx1.freebsd.org (Postfix) with ESMTP id F16488FC1A
	for <freebsd-pf@freebsd.org>; Fri, 18 Dec 2009 11:51:09 +0000 (UTC)
Received: from list by lo.gmane.org with local (Exim 4.50) id 1NLbMR-0000Tl-8E
	for freebsd-pf@freebsd.org; Fri, 18 Dec 2009 12:51:07 +0100
Received: from p5798b9ce.dip.t-dialin.net ([87.152.185.206])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-pf@freebsd.org>; Fri, 18 Dec 2009 12:51:07 +0100
Received: from jumper99 by p5798b9ce.dip.t-dialin.net with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-pf@freebsd.org>; Fri, 18 Dec 2009 12:51:07 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-pf@freebsd.org
From: "Helmut Schneider" <jumper99@gmx.de>
Date: Fri, 18 Dec 2009 11:50:50 +0000 (UTC)
Lines: 19
Message-ID: <xn0gj1oplnxcq4001@news.gmane.org>
References: <237c27100912142221k6cf62b7ay97c8ae20bd0e7eb2@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: p5798b9ce.dip.t-dialin.net
User-Agent: XanaNews/1.19.1.194
X-Ref: news.gmane.org ~XNS:00000011
Sender: news <news@ger.gmane.org>
Subject: Re: Lots of weird PF behavior on 7.2-STABLE
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 11:51:10 -0000

Linda Messerschmidt wrote:

> 1) TCP connections (mainly port 80) sometimes take 3 seconds to get
> started instead of being virtually instant.
> 2) Sometimes HTTP connections just stop responding.  (Client program
> times out waiting for response.)
> 3) Sometimes connections get weirdly dropped ("Connection reset by
> peer.") 4) Sometimes if I am ssh'd through the firewall, something
> will happen and my inbound packets will start getting dropped, but
> outbound packets still pass.  For example, if I'm at the shell
> prompt, it is non-responsive.  But if I log alongside a stuck
> connection and "write" to that tty, I will see it no problem.
> 5) States that have no right to still be there continue to pile up
> into the hundreds of thousands.

If no suggestion helped so far try to scrub the mss to a smaller value
like 1400 or even lower.

Helmut