我的防火墙遇到了与max states per rule.
# pfctl -vvsi
Status: Enabled for 0 days 13:05:38 Debug: Urgent
Hostid: 0x6556c6a9
Checksum: 0xe80368af9b3c0a876218cd2af59fbed5
State Table Total Rate
current entries 7614
searches 323053106 6853.3/s
inserts 6650716 141.1/s
removals 6643102 140.9/s
Source Tracking Table
current entries 0
searches 0 0.0/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 31988315 678.6/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 12 0.0/s
proto-cksum 0 0.0/s
state-mismatch 4702 0.1/s
state-insert 45381 1.0/s
state-limit 13837 0.3/s
src-limit 0 0.0/s
synproxy 0 0.0/s
Limit Counters
max states per rule 13837 0.3/s
max-src-states 0 0.0/s
max-src-nodes 0 0.0/s
max-src-conn 0 0.0/s
max-src-conn-rate 0 0.0/s
overload table insertion 0 0.0/s
overload flush states 0 0.0/s
正如我们在上面看到的那样,state-limits由于max states per rule
我的 maxes 很大:
# pfctl -sm
states hard limit 550000
src-nodes hard limit 50000
frags hard limit 5000
tables hard limit 5000
table-entries hard limit 400000
但是我怎样才能增加max states per rule呢?
你试过这个吗?