On 02-10-2014 17:30, System Administrator wrote: > All these (otherwise valid) suggestions are useless until we know more > about the specific firewall in question -- information best delivered > in the form of dmesg, 'pfctl -si' output and other statistics as > indicated in Ville's response below. I recently struggled with a very > similar problem until I noticed that the total number of states > reported in pftop was "stuck" at 10,000 ... guess what? that is a > default limit and (also by default) stateless traffic is*dropped*! > Raising that particular limit_magically_ tripled the throughput. It is on the top of the /etc/pf.conf installation file. They put it there just because people would come to misc complaining to only them discover about the state limit. Also, there is no magic here. 10k is a valid default limit tha won't consume too much memory and is ok for most uses. In more than 10 years using pf I only had to tweak it once. As for the OP, more information really is needed. But with the traffic he mentioned, there are a lot of points where the bottleneck could be. Perhaps even more than one combined.
Cheers, [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
