Feature #1321
Expose the maximum number of state entries a rule can create
Status: Closed
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 03/03/2011
% Done: 0%
Description
We recently ran into an issue where we ran out of state entries, which effectively made the firewall unresponsive. Still under investigation.
But it became clear that limiting the number of states was an easy first solution. However, the current "Simultaneous client connection limit" and "Maximum state entries per host" don't quite work, as we have a large number of clients (>15,000), some with a large number of state entries (>500).
The attached patch (against a7e431f88db1e2e88614dad07913ad5ec634e652) exposes the maximum number of state entries the rule can create, exactly what we need.