23.09.2024 15:22, Brian Conway wrote:
On Mon, Sep 23, 2024, at 6:19 AM, kasak wrote:
Hello, misc!
Could you please share your wisdom about this problem?
On my OpenBSD firewall, sometimes the network becomes slow and some daemons
stop working.
/var/log/messages has these messages when the slowdown is in place:
Sep 23 13:49:34 gater ntpd[30891]: sendto: Permission denied
Sep 23 13:56:22 gater isakmpd[64631]: sendmsg (14, 0x784ce63ce408, 0):
Permission denied
Also, nginx has these messages:
connect() to 172.16.0.80:443 failed (13: Permission denied) while
connecting to upstream
Also, I cannot ping nor nslookup anything, also because of "permission denied".
I found a workaround by flushing pf states. After pfctl -F states
everything starts to work again.
But maybe I should tune something I did not know about?
How can I diagnose these failures?
You may have a full state table. Try:
pfctl -si
pfctl -ss
Do I understand correctly that "current entries" (pfctl -si) is the
number of states?
Alternatively `pfctl -sa` includes all. If you have run out of available state
tracking, I would spot check what is using up all the state entries and whether
it is expected prior to increasing the limit.
Brian Conway
Owner
RCE Software, LLC
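
The spot check suggested above, as an added example that is not part of the original messages: POSIX sh functions that read `pfctl -si`, `pfctl -sm` and `pfctl -ss` output and report how full the state table is and which originating addresses hold the most states. The function names and the sample state lines are constructed for illustration, and `pfctl -sm` (the memory limits view) does not appear in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Each function reads pfctl output on
# stdin, so it works on saved output as well as on the live firewall.

# "current entries" from `pfctl -si`
current_states() { awk '$1 == "current" && $2 == "entries" { print $3; exit }'; }

# states hard limit from `pfctl -sm`
state_limit() { awk '$1 == "states" && $3 == "limit" { print $4; exit }'; }

# integer percentage of the table in use: state_usage_pct CURRENT LIMIT
state_usage_pct() { echo $(( $1 * 100 / $2 )); }

# States per originating address from `pfctl -ss`, busiest first.
# "A -> B" was opened by A, "A <- B" by B. If a translated address is shown
# in parentheses, the address printed first on the line is the one counted.
top_sources() {
    awk '{
        src = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "->") { src = $3; break }
            if ($i == "<-") { src = $(i + 1); break }
        }
        if (src == "") next
        if (src ~ /\[[0-9]+\]$/) sub(/\[[0-9]+\]$/, "", src)            # v6 addr[port]
        else if (src ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", src)   # v4 addr:port
        n[src]++
    }
    END { for (s in n) print n[s], s }' | sort -rn
}

# Constructed sample of `pfctl -ss` output (documentation addresses only).
sample_states() {
    cat <<'EOF'
all tcp 192.0.2.10:51234 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:51235 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:123 -> 198.51.100.9:123       MULTIPLE:MULTIPLE
all tcp 203.0.113.5:443 <- 192.0.2.20:40000       ESTABLISHED:ESTABLISHED
all udp 192.0.2.20:5353 -> 198.51.100.9:53       MULTIPLE:SINGLE
all tcp 2001:db8::5[55000] -> 2001:db8::1[443]       FIN_WAIT_2:FIN_WAIT_2
EOF
}

# Live use on the firewall (as root):
#   pfctl -si | current_states ; pfctl -sm | state_limit
#   pfctl -ss | top_sources | head
sample_states | top_sources
```

Capturing `pfctl -ss` to a file while the slowdown is in progress, before running `pfctl -F states`, keeps the evidence of what filled the table.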