
    States

    • O
      OutbackMatt
      last edited by

      0_1543202637949_b8a2823e-190b-4d02-ad97-21e867f773cb-image.png

      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Those expired states should be being purged every 10 seconds based on interval.

        I would undo everything you have done to try to solve this. All adjusted timeouts, adaptive settings, etc.

        These are the defaults for mode Normal:

        tcp.first                   120s
        tcp.opening                  30s
        tcp.established           86400s
        tcp.closing                 900s
        tcp.finwait                  45s
        tcp.closed                   90s
        tcp.tsdiff                   30s
        udp.first                    60s
        udp.single                   30s
        udp.multiple                 60s
        icmp.first                   20s
        icmp.error                   10s
        other.first                  60s
        other.single                 30s
        other.multiple               60s
        frag                         30s
        interval                     10s
        src.track                     0s
        

        This points to something with the clock as has been mentioned before:

        https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
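An added example, not part of the original post and not pfSense code: a Python check that compares saved timeout output against the Normal-mode defaults quoted in the post, to confirm that adjusted timeouts have been reverted. It assumes the input uses the same `name  Ns` layout as the list above (for instance saved from `pfctl -s timeouts`); the function names and the sample input are constructed for illustration.

```python
import re

# Defaults for optimization mode "Normal", as listed in the post above.
NORMAL_DEFAULTS = {
    "tcp.first": 120, "tcp.opening": 30, "tcp.established": 86400,
    "tcp.closing": 900, "tcp.finwait": 45, "tcp.closed": 90,
    "tcp.tsdiff": 30, "udp.first": 60, "udp.single": 30,
    "udp.multiple": 60, "icmp.first": 20, "icmp.error": 10,
    "other.first": 60, "other.single": 30, "other.multiple": 60,
    "frag": 30, "interval": 10, "src.track": 0,
}

# Matches "name   <n>s"; lines such as "adaptive.start 0 states" do not match.
LINE_RE = re.compile(r"^\s*([a-z]+(?:\.[a-z]+)?)\s+(\d+)s\s*$")


def parse_timeouts(text):
    """Return {name: seconds} for every timeout line found in text."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def diff_from_defaults(text):
    """List (name, default, current) for each timeout that differs from the
    Normal defaults; current is None when the line is missing entirely."""
    current = parse_timeouts(text)
    return [(name, default, current.get(name))
            for name, default in NORMAL_DEFAULTS.items()
            if current.get(name) != default]


# Constructed sample: the defaults with two timeouts changed, plus two
# adaptive lines that the parser skips.
_changed = {**NORMAL_DEFAULTS, "tcp.established": 3600, "udp.multiple": 300}
SAMPLE = "\n".join(f"{k:<28}{v}s" for k, v in _changed.items())
SAMPLE += "\nadaptive.start               0 states\nadaptive.end                 0 states\n"

if __name__ == "__main__":
    for name, default, now in diff_from_defaults(SAMPLE):
        print(f"{name}: default {default}s, current "
              f"{'missing' if now is None else str(now) + 's'}")
```

An empty result means every listed timeout, including the 10-second purge `interval`, is back at its default.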

        • O
          OutbackMatt
          last edited by

          Reading the link that you provided, the suggested 'fix' (last post) is to upgrade to FreeBSD 12

          which isn't general release yet, although it is getting close (perhaps weeks away)

          I created a new pfSense VM on my Hyper-V server running 2.3.5-Release, and already it seems that my internet is MUCH smoother and the states table is NOT growing outlandishly, and my traffic graphs display nicely.

          Problem is that I can't install any packages (mail reports, snort etc) unless I 'upgrade' to the newest version of pfSense.

          I'm open to suggestions.
          I'll probably try 2.4.1 as that is the next upgrade and I will see what happens

          • O
            OutbackMatt
            last edited by OutbackMatt

            Looking quickly at the release notes it seems that pfSense 2.4.0 was the first to use FreeBSD 11.x

            And the instant that I upgrade 2.3.5 to current release the traffic graphs stop being normal, and the states table grows etc
            (another observation I made is that while the newer release is booting on the VM, the Caps light on the keyboard toggles on/off hundreds of times per second)

            I'll run up another 2.3.5 and use that without the extra packages for the time being

            • O
              OutbackMatt
              last edited by

              Just a followup

              2.4.x continues to have this problem
              2.3 was working, but of course there are issues with using an old build, including the lack of packages.

              I have installed a clean install of the latest 2.5 build, and it works as well or better than the 2.3 that I have been running.
              2.5 is based on FreeBSD 12.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.