* Paketix <pake...@bluewin.ch> [2012-03-22 08:51]:
> i am using multiple rtables to separate traffic from different zones on my
> openbsd 5.0 firewall
> is there a way to limit pf states *per zone / rtable* so that a single zone
> cannot eat up all states?
> if a zone is able to fill up the state table this will be kind of a DOS
> other zones are no longer able to create new pf states

no, there is no such limit atm. you can and probably should have limits
on the individual rules tho.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
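
Per-rule state limits of the kind the reply suggests, as an added pf.conf sketch that is not part of the original thread. The interface names, the rtable numbers and every numeric limit are assumptions chosen for illustration.

```pf
# Added example, not from the thread. Interfaces, rtable numbers and
# all numeric limits below are assumed values; rtables 1 and 2 are
# assumed to exist already.
zone_a_if = "em1"    # assumed: zone A, routed via rtable 1
zone_b_if = "em2"    # assumed: zone B, routed via rtable 2

# Global ceiling on the state table, shared by all zones.
set limit states 20000

# Default deny. Once a pass rule below has reached its "max", packets
# that would create a new state no longer match that rule, so they
# fall back to this block rule until existing states time out.
block all

# One pass rule per zone, each with its own cap:
#   max             concurrent states this rule may create
#   max-src-states  concurrent states per single source address
# A forwarded connection also gets a state from the "pass out" rule,
# so the budget counts each connection twice:
#   2 zones x 4000 x 2 = 16000, which stays below the global 20000.
pass in on $zone_a_if rtable 1 keep state (max 4000, max-src-states 500)
pass in on $zone_b_if rtable 2 keep state (max 4000, max-src-states 500)

# Outbound side of traffic that was already admitted above.
pass out
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsr` shows the current state count for each rule, which is the figure to watch against each zone's cap.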