On 22.02.2018 14:10, Misak Khachatryan wrote:
> Hello there,
>
> just a quick feedback. I've added rules to my ipfw to block all isakmp
> ports on interfaces not involved in ipsec and rebooted 3 of 4
> machines. Situation returned to normal on them, but rebooting fourth
> host is very painful. It seems I have some kind of massive ipsec
> probes from botnet which fills all my SAD and SPD entries or PFKEY
> sockets.
>
> All I need is to flush all SAD and SPD entries, but setkey can't do
> that. Is there any other way?

Try to increase sysctl kern.ipc.maxsockbuf up to some huge value like 80MB and re-try with setkey.

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
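The suggestion in the reply above, written out as a script. This is an added example, not part of the original thread: the `DRY_RUN` and `BUF_MB` variables, the helper function names, and the step that restores the previous sysctl value are assumptions made here.

```shell
#!/bin/sh
# Added example: raise kern.ipc.maxsockbuf, flush the SAD and SPD with
# setkey, then put the old limit back (restoring is an assumption here).
# DRY_RUN=1 (default) only prints the commands. Run with DRY_RUN=0 as
# root on the affected FreeBSD host to apply them.
DRY_RUN="${DRY_RUN:-1}"
BUF_MB="${BUF_MB:-80}"      # "some huge value like 80MB" from the reply

# Convert megabytes to the byte count that sysctl expects.
mb_to_bytes() {
    echo $(( $1 * 1024 * 1024 ))
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

flush_ipsec_db() {
    new=$(mb_to_bytes "$BUF_MB")
    if [ "$DRY_RUN" = "1" ]; then
        old="<previous value>"                  # placeholder, nothing is read
    else
        old=$(sysctl -n kern.ipc.maxsockbuf) || return 1
    fi
    run sysctl kern.ipc.maxsockbuf="$new" || return 1
    rc=0
    run setkey -F  || rc=1                      # flush all SAD entries
    run setkey -FP || rc=1                      # flush all SPD entries
    run sysctl kern.ipc.maxsockbuf="$old"       # restore the old limit
    return $rc
}

flush_ipsec_db
```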