pfSense 2.0 Firewall Maximum States & Firewall Maximum Table Entries

  • I understand what the "Firewall Maximum States" value sets, but not "Firewall Maximum Table Entries". Does anyone know what "Firewall Maximum Table Entries" is referring to, other than the brief description "aliases, sshlockout, snort, etc, combined"?

    Also, under this section it states the defaults for these values based on the system. How does it determine this? I have a dual-core Pentium 3 GHz with 4 GB of RAM running the i386 2.0 RC3 installation. I would have thought these values would have been much higher. I'd like to set the States to 1,000,000 but am not sure what the general rule is for "Firewall Maximum Table Entries".

    My system is reporting:
    Firewall Maximum States
    On your system the default size is: 295000
    Firewall Maximum Table Entries
    On your system the default size is: 100000

    Thanks in advance!

  • Rebel Alliance Developer Netgate

    It means exactly what the text says. Tables are places where lists of IPs are held, like Aliases. On some systems people use these to hold a lot of data, such as lists of IPs/netblocks in certain countries, so they need to increase this size. Most people do not need to change that.

    Those default values are determined based on the amount of RAM available in the system. More RAM means a larger default. The default is meant to be reasonable for most people, but obviously in many cases would need to be increased. (The default in 1.2.x was a measly 10,000 :-). You can set that as high as you can handle in terms of RAM; 1 state == 1 KB of RAM, so 1 million states is 1 GB of RAM.
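As an added example (not part of the thread above, and not pfSense project code): the two GUI values correspond to pf's `set limit states` and `set limit table-entries` directives, and `pfctl -s memory` prints the limits that are actually loaded, while `pfctl -si` prints the current number of states. The script below parses both outputs, reports how close the state table is to its hard limit, and applies the 1 KB per state rule from the reply to estimate the RAM a full state table would use. The `pfctl` outputs embedded here are constructed samples so the script runs offline; the function names and the 80% alert threshold are this example's own choices.

```shell
#!/bin/sh
# Added example: check pf state-table usage against the configured hard limit.
# SAMPLE_MEMORY and SAMPLE_INFO are constructed stand-ins for the output of
# `pfctl -s memory` and `pfctl -si` on a pfSense 2.0 box.

SAMPLE_MEMORY='states        hard limit   295000
src-nodes     hard limit    29500
frags         hard limit     5000
table-entries hard limit   100000'

SAMPLE_INFO='Status: Enabled for 3 days 04:12:55           Debug: Urgent

State Table                          Total             Rate
  current entries                   240100
  searches                        98765432         3700.0/s
  inserts                           123456            5.2/s
  removals                          123000            5.1/s'

# pf_limit <memory-output> <pool>: print the hard limit for one pf memory
# pool (states, src-nodes, frags, table-entries); fails if the pool is absent.
pf_limit() {
    printf '%s\n' "$1" | awk -v n="$2" '
        $1 == n && $2 == "hard" { print $NF; found = 1 }
        END { if (!found) exit 1 }'
}

# pf_current_states <info-output>: print the "current entries" count.
pf_current_states() {
    printf '%s\n' "$1" | awk '
        $1 == "current" && $2 == "entries" { print $3; found = 1 }
        END { if (!found) exit 1 }'
}

# state_usage_pct <current> <limit>: integer percentage of the limit in use.
state_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# state_ram_mb <limit>: RAM a full state table would take at the rule of
# thumb stated in the reply (1 KB per state). An estimate, not a pf constant.
state_ram_mb() {
    echo $(( $1 / 1024 ))
}

# pf_state_report <memory-output> <info-output>: print a one-line summary and
# return non-zero when usage is at or above 80% of the limit (alert threshold
# chosen for this example), so it can be wired into a cron job or monitor.
pf_state_report() {
    limit=$(pf_limit "$1" states) || return 2
    cur=$(pf_current_states "$2") || return 2
    pct=$(state_usage_pct "$cur" "$limit")
    printf 'states: %s / %s (%s%%), table-entries limit %s, ~%s MB RAM if the state table fills\n' \
        "$cur" "$limit" "$pct" "$(pf_limit "$1" table-entries)" "$(state_ram_mb "$limit")"
    [ "$pct" -lt 80 ]
}

# On a live box replace the samples with real output:
#   pf_state_report "$(pfctl -s memory)" "$(pfctl -si)"
pf_state_report "$SAMPLE_MEMORY" "$SAMPLE_INFO" \
    || echo "warning: state table above 80% of the configured limit"
```

With the constructed sample the report shows 240100 of 295000 states (81%), so the warning fires; raising the limit to 1,000,000 would make the estimate read about 976 MB, which matches the reply's 1 million states to roughly 1 GB.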