On 18/12/2024 18:22, Maurice Janssen wrote:
> I moved the rules for the NTP traffic to the top and this seems to improve
> things. But I'll leave it overnight to have some better stats in the
> morning.
>
> Best regards,
> Maurice
Jumping in since I've also recently added an ntp server in ntppool.org and
saw spikes on my states as well as pps. I've added "Net speed: 500Mbit" on
the server management on site in order to limit connections. I don't use a
private IP and thought about removing "keep state" but I decided to keep it.
Rule is as far up as it can be and it's like this:

    @70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio (1,1) keep state (pflow, max-src-states 20, source-track rule, udp.first 30, udp.multiple 30) tag to_internal

On the other hand, I don't have packet loss. I have an average of 15K states
all the time. Interface is vlan on top of trunk on top of ix(4)

Good luck,
G
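For readers who want to try the same approach, here is an added pf.conf fragment that is not from either poster: it reuses the state options in G's rule (per-source state cap via max-src-states with source-track, short UDP timeouts) and adds the surrounding pieces a pool operator would need. The interface name, address and the "ntp_server" macro are assumed placeholders; the state cap and timeout values are illustrative, not tuned.

```pf
# Added example (not from the thread). Assumed names: ext_if, ntp_server.
ext_if     = "vlan10"
ntp_server = "203.0.113.10"       # placeholder (documentation address)

# NTP is one request, one reply: a state only needs to live long enough for
# the reply to leave. OpenBSD's defaults (udp.first 60, udp.single 30,
# udp.multiple 60) keep each client's state around far longer than that, so
# the table fills with dead entries under pool-sized query rates.
# Short per-rule timeouts expire them quickly without touching the global
# "set timeout" values used by other rules.
#
# max-src-states caps how many concurrent states one client IP may hold;
# source-track rule makes that count per rule rather than global. A client
# over the cap simply gets no new state (and no reply) until its old states
# expire; pf does not add max-src-states offenders to an overload table,
# that clause only applies to the TCP max-src-conn* limits.
pass in quick on $ext_if proto udp to $ntp_server port ntp \
    keep state (max-src-states 20, source-track rule, \
                udp.first 10, udp.single 10, udp.multiple 10)
```

Put the rule before any broad "pass" rules so that the "quick" match short-circuits evaluation, as both posters did. To see whether the cap is biting, `pfctl -sS` lists the per-source tracking entries with their current state counts, and `pfctl -si` shows the overall state-table size and the number of states that have been refused due to limits; watch the latter while the NTP pool's monitoring marks the server healthy before lowering the cap further.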