On Mon, Sep 23, 2024, at 6:19 AM, kasak wrote:
> Hello, misc!
>
> Could you please share your wisdom about this problem.
>
> On my OpenBSD firewall, sometimes the network becomes slow and some
> daemons stop working.
>
> /var/log/messages has these messages when the slowdown is in place:
>
> Sep 23 13:49:34 gater ntpd[30891]: sendto: Permission denied
> Sep 23 13:56:22 gater isakmpd[64631]: sendmsg (14, 0x784ce63ce408, 0): Permission denied
>
> Also, nginx has these messages:
>
> connect() to 172.16.0.80:443 failed (13: Permission denied) while connecting to upstream
>
> Also, I cannot ping or nslookup anything, also because of "permission denied".
>
> I found a workaround by flushing pf states. After pfctl -F states
> everything starts to work again.
>
> But maybe I should tune something I did not know about?
>
> How can I diagnose these failures?

You may have a full state table. Try:

    pfctl -si
    pfctl -ss

Alternatively `pfctl -sa` includes all. If you have run out of available state tracking, I would spot check what is using up all the state entries and whether it is expected prior to increasing the limit.

Brian Conway
Owner
RCE Software, LLC
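
One way to do the spot check suggested in the reply above, as an added example that is not part of the original thread: compare the current state count with the hard limit, then tally which addresses appear in the most state entries. The function names, the sample text and the assumed column layout of the `pfctl -si`, `pfctl -sm` and `pfctl -ss` output are constructed for illustration.

```sh
#!/bin/sh
# Added example. All sample text below is constructed (documentation addresses),
# and the column layout of pfctl output is assumed, not taken from the thread.
SAMPLE_SI='State Table                          Total             Rate
  current entries                    99987
  searches                       482113345         1201.3/s'
SAMPLE_SM='states        hard limit   100000
src-nodes     hard limit    10000'
SAMPLE_SS='all tcp 192.0.2.10:443 <- 198.51.100.7:40112       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:443 <- 198.51.100.7:40113       FIN_WAIT_2:FIN_WAIT_2
all tcp 192.0.2.10:443 <- 203.0.113.9:51820       ESTABLISHED:ESTABLISHED
all udp 192.0.2.23:123 -> 203.0.113.53:123       MULTIPLE:SINGLE
all udp 198.51.100.7:5353 -> 203.0.113.53:53       MULTIPLE:SINGLE'

# Print "<current> <limit> <percent>" given `pfctl -si` text ($1) and `pfctl -sm` text ($2).
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }')
    lim=$(printf '%s\n' "$2" | awk '$1 == "states" { print $NF; exit }')
    [ -n "$cur" ] && [ -n "$lim" ] && [ "$lim" -gt 0 ] || return 1
    echo "$cur $lim $((cur * 100 / lim))"
}

# Read `pfctl -ss` text on stdin; print "<states> <address>" for the N ($1, default 5)
# addresses that appear in the most state entries (each address counted once per entry).
top_state_hosts() {
    awk '
    $3 ~ /[.:]/ {
        split("", seen)
        for (i = 3; i < NF; i++) {          # last field is the state name
            a = $i
            if (a == "->" || a == "<-") continue
            gsub(/[()]/, "", a)             # translated address shown in parentheses
            sub(/\[[0-9]+\]$/, "", a)       # IPv6 style: addr[port]
            if (a ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", a)   # IPv4 style: addr:port
            if (!(a in seen)) { seen[a] = 1; count[a]++ }
        }
    }
    END { for (a in count) print count[a], a }' | LC_ALL=C sort -k1,1nr -k2,2 | head -n "${1:-5}"
}

# On the firewall itself (as root):
#   state_usage "$(pfctl -si)" "$(pfctl -sm)"
#   pfctl -ss | top_state_hosts 10
state_usage "$SAMPLE_SI" "$SAMPLE_SM"
printf '%s\n' "$SAMPLE_SS" | top_state_hosts 3
```

Running it during a slowdown and again after `pfctl -F states` shows whether the table was near its limit and which hosts held the entries.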