From owner-freebsd-pf@FreeBSD.ORG Wed Nov 15 17:15:01 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7197716A407 for ; Wed, 15 Nov 2006 17:15:01 +0000 (UTC) (envelope-from Greg.Hennessy@nviz.net) Received: from lon-mail-4.gradwell.net (lon-mail-4.gradwell.net [193.111.201.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68E7F43D5E for ; Wed, 15 Nov 2006 17:14:48 +0000 (GMT) (envelope-from Greg.Hennessy@nviz.net) Received: from 84-12-192-174.dyn.gotadsl.co.uk ([84.12.192.174] helo=vaio country=GB ident=gregh&pop3#nviz&net) by lon-mail-4.gradwell.net with esmtpa (Gradwell gwh-smtpd 1.237) id 455b4b05.b488.273; Wed, 15 Nov 2006 17:14:45 +0000 (envelope-sender ) From: "Greg Hennessy" To: "'Dan Langille'" , Date: Wed, 15 Nov 2006 17:14:38 -0000 Message-ID: <000001c708d9$880876d0$0301a8c0@vaio> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: AccI1676YpNpm82WTL2qOQ5YUcSy1gAAWGcg In-Reply-To: <455AFDD3.28719.62D53A13@dan.langille.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 Cc: Subject: RE: state table filled up? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Nov 2006 17:15:01 -0000 > I suspect this may have been my state table filling up. > For a high traffic'd internet facing service such as Freshports, running pfstat, symon or even the pf snmp mibs loaded into something such as Cacti is not optional. They would have kept track of firewall state table utilisation over time. As a short term measure. pfctl -si will tell you how many entries are in the state table. Greg