Hi. Apologies if this message is a duplicate. I am having issues
posting to this list.

I am wondering if setting an ipf rule such as the one below will cause
some TCP rate limiting.

pass in quick on <if#> proto tcp from any to 172.17.167.126/32 port = http keep state

I am trying to explain TCP RSTs being seen with ipfstat:

clabf5% sudo ipfstat
bad packets:            in 0    out 0
 IPv6 packets:          in 0 out 0
before => input packets:         blocked 9971298 passed 1285221084 nomatch 0 counted 0 short 0
after  => input packets:         blocked 9975079 passed 1285286724 nomatch 0 counted 0 short 0
--------------------------------------------------------------------------------------
                                Diff =====> 3781
output packets:         blocked 0 passed 1223457926 nomatch 11506 counted 0 short 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 11506
 log failures:          input 0 output 10147
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 11432484   lost 7811812
packet state(out):      kept 3676883    lost 16089
before => ICMP replies:   0       TCP RSTs sent:  7766345
after  => ICMP replies:   0       TCP RSTs sent:  7769835
-----------------------------------------------
                                    Diff ==========> 3490
Invalid source(in):     0
Result cache hits(in):  422528946       (out):  309901634
IN Pullups succeeded:   538     failed: 0
OUT Pullups succeeded:  21889   failed: 0
Fastroute successes:    7766345 failures:       0
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      2097481
Packet log flags set: (0)
        none

-vijay
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
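
The before/after comparison made by hand in the message above, as an added example that is not part of the original post: it parses two ipfstat snapshots, reports every counter that moved, and relates the RSTs sent to the input packets blocked over the same interval. The snapshot strings are constructed from the values quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed snapshots using the "before"/"after" values quoted in the post.
BEFORE = """\
 input packets:         blocked 9971298 passed 1285221084 nomatch 0 counted 0 short 0
 ICMP replies:   0       TCP RSTs sent:  7766345
"""
AFTER = """\
 input packets:         blocked 9975079 passed 1285286724 nomatch 0 counted 0 short 0
 ICMP replies:   0       TCP RSTs sent:  7769835
"""

def parse_ipfstat(text):
    """Map counter name -> int for the line shapes seen in the output above."""
    counters = {}
    for line in text.splitlines():
        label, sep, rest = line.strip().partition(":")
        if not sep:
            continue                      # separators, "none", blank lines
        if ":" in rest:
            # "ICMP replies: 0  TCP RSTs sent: N" -> one counter per "name: N"
            for name, val in re.findall(r"([^:\d][^:]*?):\s+(\d+)", line):
                counters[name.strip()] = int(val)
        elif rest.strip().isdigit():
            # "Invalid source(in): 0" -> the label itself is the counter
            counters[label] = int(rest)
        else:
            # "input packets: blocked N passed N" -> "input packets blocked", ...
            for key, val in re.findall(r"([A-Za-z]+)\s+(\d+)", rest):
                counters[f"{label} {key}"] = int(val)
    return counters

def deltas(before, after):
    """Counters present in both snapshots whose value changed."""
    b, a = parse_ipfstat(before), parse_ipfstat(after)
    return {k: a[k] - b[k] for k in a if k in b and a[k] != b[k]}

def rst_per_blocked(before, after):
    """RSTs sent per blocked input packet in the interval, or None if none blocked."""
    d = deltas(before, after)
    blocked = d.get("input packets blocked", 0)
    return d.get("TCP RSTs sent", 0) / blocked if blocked else None

if __name__ == "__main__":
    for name, change in deltas(BEFORE, AFTER).items():
        print(f"{name:28} +{change}")
    print(f"RSTs per blocked input packet: {rst_per_blocked(BEFORE, AFTER):.3f}")
```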
