Re: Variable state entry timeouts?
This is a discussion on Re: Variable state entry timeouts? within the IPFilter forums, part of the System Security and Security Related category; Hauke Fath wrote: > At 21:01 Uhr -0700 31.08.2007, Darren Reed wrote: >> Hauke Fath wrote: &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-01-2007
|
|||
|
|||
Re: Variable state entry timeouts?
Hauke Fath wrote:
> At 21:01 Uhr -0700 31.08.2007, Darren Reed wrote: >> Hauke Fath wrote: >>> ... >>> [hf@Vertatscha] /home/hf # ipfstat -s >>> IP states added: >>> ... >>> 15701 maximum >> ... >> >> I'm willing to bet that because you are hitting the roof with >> your state table entries, the ssh connections are being flushed >> out as part of the "idle cleanup". > > Hm. Many people are still on holiday, so last week's network load > wasn't too high. Is there any way of increasing the size of the state > memory pool? > > And is http://www.phildev.net/ipf/IPFprob.html#prob9 of any relevance > here? Sort of. Once the connection is gone from the state table, it has to be able to be recreated. SO if you only have "flags S keep state" then the state wont be recreated when an ACK comes along. Darren 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 01:32 PM.
