Claudio Jeker said on Wed, 15 Feb 2023 14:14:11 +0100
>I think the state-mismatch is a result of hitting the state limit and >not the other way around. At over 90'000 states the default timeouts >are reduced by more than 50% and so states are removed too soon >resulting in a state-mismatch. > >So first bump the limit up and then look at the counters again. Within the next three months I'll be building a hardware (not VM) OpenBSD machine with pf filtering to Route, firewall and NAT between my house's IPV4 192.168.0.0/24 network and the Internet. My Internet is about 26Mbit down and 3.5Mbit up. Do you think I'll need to worry about state limits, states or state-mismatches? Thanks, SteveT Steve Litt Autumn 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm
