I am seeing the following problem after upgrading a RELENG_4 system to (a very recent) RELENG_6: Within about two days of uptime the system will no longer allow incoming or outgoing traffic, necessitating a reboot. A possible symptom is that the `active' counter in `ipfstat -s' slowly creeps up to 4013, then stops, at which time the system is unable to accept or initiate connections. Needless to say, this problem didn't occur on RELENG_4. All the while `ipfstat -t' doesn't show an unusual amount of state entries.
It's almost like some state info is leaking, causing IPFilter to believe it has run out of state table entries. Increasing this maximum value is not a fix if a leak is present as it would only delay the onset of the problem. The only change to the ruleset after the upgrade has been to do what the IPFilter FAQ IV.2 suggests, i.e. add `flags S' to TCP `keep state' rules. This doesn't help, and neither does clearing the state table entries using `ipf -FS'. The reboots are obviously unwanted.

Anyone else seeing this behavior? Is this a bug in IPFilter 4.1.8 (416)?

--
Jos Backus
jos at catnook.com