How to reset state table with cron.
-
How to make a script to schedule a reset of the state table, or to check the state table and reset it when it reaches a certain state, for example when it reaches 20k, or reset it every 12 pm?
-
I can only say that to reset all states the command is pfctl -F state
-
@kiokoman Thanks. I made a script to check the state count and reset it when it reaches 20k. A cron job runs the check every 10 min.
Have to do this as my modem became so slow if the state count gets too high.
#!/bin/sh
# current number of entries in the pf state table
stat=$(pfctl -s info | grep current | awk -F " " '{print $3}')
# quote and default the value so an empty result does not break the test
if [ "${stat:-0}" -gt 20000 ]
then
    # reset state
    pfctl -F state
fi
-
Makes no sense at all.. "Modems" don't have an idea on "how" many states you might have open or sitting in an idle state, or waiting to close, etc...
20k states is not very many to be honest.. How many users? 20k would be a lot for 1 or 2 users.. Just killing states out of the blue not really a good idea, since it would kill all active connections and things would have to reconnect. Are you running p2p or something that could generate a high number of states?
Prob be better to look into removing stale states faster.. You might want to set aggressive as your firewall optimization setting under system / advanced / firewall & nat.
Or if need be you can adjust specific state timeouts..
What are you running pfsense on? Again a "modem" has no idea how many states your firewall would have open.. A modem is not a stateful anything.. Firewalls are stateful..
-
@johnpoz said in How to reset state table with cron.:
A modem is not a stateful anything.. Firewalls are stateful..
Probably not a "modem" but an ISP router that has a built-in modem and a firewall of its own.
-
Just out of the blue: why should you use the script to kill the states via cron... Is there a use case that someone can explain ;)
To be honest I never thought of this, the one time was when optimize fail over n switch back of multi Wan
-
@Derelict said in How to reset state table with cron.:
Probably not a "modem" but an ISP router that has a built-in modem and a firewall of its own.
Concur - but killing states on downstream router (pfsense), not going to clear those.. If anything it would leave them hanging..
If I had to guess, he prob had something using up his bandwidth.. And killing that via killing states freed that up..
Killing all states on pfsense is not the solution here, can tell you that much.
-
got this one
Thx
-
@johnpoz 20k states does not mean you have 20k users. 1 user could make 10k active connections like downloading a lot of torrents. Yes it is a router, sorry, not a modem. PLDT and Converge have this problem with their routers. I use VPN to reduce this problem so that the modem can only see the VPN pipe. However I don't tunnel all connections, real time traffic will lag if I pass it on vpn.
-
@noplan Yes, PLDT Home fiber has this problem, I use to pass some traffic to vpn to reduce the problem. Whenever active states reach 20k sometimes my internet disconnects or it gets laggy. When I flush the states it gets back to normal.
-
Yeah you have fun with that...
20k states does not mean you have 20k users.
Just at a loss for words, really..
-
@johnpoz I have a lot of wifi vending machines connected to my internet.
-
Wifi vending machine...
So cool!
-
You should get internet service that doesn't suck.
Or put whatever device is in front of pfSense in bridge mode, etc.
-
Exactly what the ISP service line did Saturday with one of our Wan connections here.
Setting this box in bridge mode or as they call it dummy mode.
After they did it
A) connection improved
B) speed improved
C) more noise (cuz lack of providers global block list)
Feels goood
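
On the question raised in the thread of what is generating the states: the following added example (not code from any poster) counts states per originating host from pfctl -s states output, so the busiest client can be found before anything is flushed. The sample lines, interface names and addresses are constructed, and the line layout (interface, protocol, addresses around an arrow, state pair last) is an assumption about that output.

```shell
#!/bin/sh
# Added example, not from the thread: count pf states per originating host,
# to see who fills the state table before deciding to flush anything.

# Constructed sample in the assumed `pfctl -s states` layout:
#   iface proto addr [(pre-NAT addr)] arrow addr STATE:STATE
sample_states() {
cat <<'EOF'
igb1 tcp 198.51.100.7:443 <- 192.168.1.50:51514 ESTABLISHED:ESTABLISHED
igb0 tcp 203.0.113.9:40112 (192.168.1.50:51514) -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
igb1 tcp 198.51.100.20:6881 <- 192.168.1.50:51600 FIN_WAIT_2:FIN_WAIT_2
igb0 tcp 203.0.113.9:40113 (192.168.1.50:51600) -> 198.51.100.20:6881 FIN_WAIT_2:FIN_WAIT_2
igb1 tcp 198.51.100.21:6881 <- 192.168.1.50:51601 SYN_SENT:CLOSED
igb1 udp 192.168.1.1:53 <- 192.168.1.60:40000 SINGLE:NO_TRAFFIC
igb1 tcp 198.51.100.7:443 <- 192.168.1.60:52000 ESTABLISHED:ESTABLISHED
EOF
}

# Reads state lines on stdin; prints "total not_established host", busiest first.
states_per_host() {
  awk '
  {
    src = ""
    for (i = 3; i <= NF; i++) {
      if ($i == "->") { src = $(i - 1); break }  # outbound: source is left of the arrow
      if ($i == "<-") { src = $(i + 1); break }  # inbound: source is right of the arrow
    }
    if (src == "") next                  # not a state line
    gsub(/[()]/, "", src)                # "(addr)" is the address before NAT
    if (!sub(/\[[0-9]+\]$/, "", src))    # IPv6 port is printed as [port]
      sub(/:[0-9]+$/, "", src)           # IPv4 port is printed as :port
    total[src]++
    if ($NF != "ESTABLISHED:ESTABLISHED" && $NF != "MULTIPLE:MULTIPLE") other[src]++
  }
  END { for (h in total) printf "%d %d %s\n", total[h], other[h], h }
  ' | sort -k1,1nr -k3,3
}

# On the firewall: pfctl -s states | states_per_host | head
sample_states | states_per_host
```

A host with a high total and a high second column is holding mostly half-open or closing states, which is the case the shorter state timeouts mentioned in the thread are meant to address.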