Project

General

Profile

Actions
Copy link

Feature #1321

closed

Expose the maximum number of state entries a rule can create

Added by Nick Brachet about 13 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
03/03/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

We recently ran into an issue where we ran out of state entries which effectively made the firewall unresponsive. Still under-investigation.
But it became clear that limiting the number of states was an easy first solution. However the current "Simultaneous client connection limit" and "Maximum state entries per host" don't quite work as we have a large number of clients (>15,000) some with a large number of state entries (>500).

The attached patch (against a7e431f88db1e2e88614dad07913ad5ec634e652) exposes the maximum number of state entries the rule can create, exactly what we need.

Files

patch.a7e431f88db1e2e88614dad07913ad5ec634e652 (3.4 KB) patch.a7e431f88db1e2e88614dad07913ad5ec634e652 Nick Brachet, 03/03/2011 04:54 PM
Actions
Copy link
 #1

Updated by Chris Buechler over 10 years ago

  • Status changed from New to Closed
  • Affected Version deleted (1.2.3)

exists in 2.x

Actions
Copy link

Also available in: Atom PDF