From: Gavin Spomer
To: freebsd-pf@freebsd.org
Date: Tue, 02 Sep 2008 18:19:43 -0700
Subject: Re: PF is blocking inbound/outbound ssh, nothing else

>>> Alex Trull 09/02/08 3:22 PM >>>
> > Gavin,
> >
> > Could mean you've maxed out your connection states pf
> >
> > if you've got a default amount of states, that means a 10k
> > state limit - check the output of the following for the
> > current states:
> >
> > pfctl -s all | grep current
> >
> > if it's at 10k or thereabouts, raise it :)

Thanks Alex. It says current entries is 0. What does that mean?

> > set limit { states 20000 }
> >
> > obviously, 20000 may still be too small, see how it scales
> > once you've raised the limits.

I tried setting it all the way to 100000. Still no change.

> >
> > You may also have run out of source ports, but that is
> > another kettle of fish.

What do you mean by that? If this part is not relevant to this list, could you please email off-list, maybe point me in the right direction? If you are referring to tcp/udp ports, I am running a LOT of stuff on this server!

> > --
> > Alex

Obviously I'm still quite the newb to pf, so I'll look at some more info... do my homework. The "pfctl -s all" is a great tip. Thanks. Looks like lots of good info there, just need to figure out what it all means. :)

- Gavin
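
Added example, not part of the original thread: an sh script for the check discussed above, reading the "current entries" counter and the states hard limit and flagging a state table that is close to full. The sample text is constructed in the layout of `pfctl -s info` and `pfctl -s memory`; the function names and the 90% threshold are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_* text is constructed, laid out like the output of
# `pfctl -s info` and `pfctl -s memory`.
SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9874
  searches                         1503345          190.3/s
  inserts                            48211            6.1/s
  removals                           38337            4.9/s'

SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Read `pfctl -s info` text on stdin, print the "current entries" counter.
pf_current_states() {
    awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Read `pfctl -s memory` text on stdin, print the states hard limit.
pf_state_limit() {
    awk '$1 == "states" && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# pf_state_pressure CURRENT LIMIT [THRESHOLD_PCT]  (threshold is an assumption)
# Prints "near-limit", "ok", or "unknown" when a value is missing or malformed.
pf_state_pressure() {
    _cur=$1; _lim=$2; _pct=${3:-90}
    for _v in "$_cur" "$_lim" "$_pct"; do
        case $_v in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    if [ "$_lim" -eq 0 ]; then echo unknown; return 0; fi
    if [ $((_cur * 100)) -ge $((_lim * _pct)) ]; then
        echo near-limit
    else
        echo ok
    fi
}

# Live use (as root): cur=$(pfctl -s info | pf_current_states)
#                     lim=$(pfctl -s memory | pf_state_limit)
cur=$(printf '%s\n' "$SAMPLE_INFO" | pf_current_states)
lim=$(printf '%s\n' "$SAMPLE_MEMORY" | pf_state_limit)
echo "states: $cur of $lim ($(pf_state_pressure "$cur" "$lim"))"
```

A count well below the limit prints `ok`, which rules out state-table exhaustion as the cause of dropped connections.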