Netgate Discussion Forum
    Maximum state entries per host 2.2.6

      djamp42

      I have the Maximum state entries per host set to 2000 on my LAN Net to ANY rule. I see an IP on the LAN going over the 2000 limit, eventually using the entire state table.

      This is the only allow rule I have on the LAN interface. I have NOT rebooted the firewall after setting this limit, just reset all states (multiple times).

      The only strange thing is that when I filter just this IP's states and I hit delete by a certain state, it deletes a bunch of states at the same time.

      So, for example, if I hit delete on any one of the following, it deletes all of them. So is pf counting all of them as 1 state? Do I need to set anything else to use the advanced rules?

      
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63554 ESTABLISHED:ESTABLISHED 
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63556 ESTABLISHED:ESTABLISHED  
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63558 ESTABLISHED:ESTABLISHED 
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63560 ESTABLISHED:ESTABLISHED 
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63562 ESTABLISHED:ESTABLISHED
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63564 ESTABLISHED:ESTABLISHED
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63566 ESTABLISHED:ESTABLISHED   
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63568 ESTABLISHED:ESTABLISHED   
      LAN tcp X.X.X.X:80 -> 10.10.10.10:63570 ESTABLISHED:ESTABLISHED 
      
      
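A way to check the per-host count offline from a saved copy of the state listing, as an added example that is not part of the original post. The function names and the sample lines are constructed, and the line format is assumed to match the listing in the post.

```python
import re
from collections import Counter

# Assumed line format, taken from the listing in the post:
#   IFACE PROTO ADDR:PORT -> ADDR:PORT STATE
STATE_RE = re.compile(
    r"^\s*(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+):(?P<lport>\d+)\s+->\s+"
    r"(?P<right>\S+):(?P<rport>\d+)\s+(?P<state>\S+)\s*$"
)

def parse_states(text):
    """Yield one dict per state line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            yield m.groupdict()

def count_per_host(text):
    """Count states per address, kept apart for each side of the arrow,
    so it is visible on which side a given LAN address appears."""
    left, right = Counter(), Counter()
    for s in parse_states(text):
        left[s["left"]] += 1
        right[s["right"]] += 1
    return left, right

def hosts_over_limit(text, limit):
    """Return {address: (left_count, right_count)} for every address whose
    count on either side exceeds the configured per-host limit."""
    left, right = count_per_host(text)
    return {
        host: (left[host], right[host])
        for host in set(left) | set(right)
        if left[host] > limit or right[host] > limit
    }

# Constructed sample: nine states shaped like the post's listing (a
# documentation address stands in for X.X.X.X) plus one unrelated state.
SAMPLE = "\n".join(
    f"LAN tcp 192.0.2.80:80 -> 10.10.10.10:{port} ESTABLISHED:ESTABLISHED"
    for port in range(63554, 63572, 2)
) + "\nLAN udp 10.10.10.20:5353 -> 192.0.2.53:53 MULTIPLE:MULTIPLE\n"

if __name__ == "__main__":
    # A limit of 5 is used only so the small sample trips it; use 2000 on real data.
    for host, (l, r) in sorted(hosts_over_limit(SAMPLE, limit=5).items()):
        print(f"{host}: {l} states on the left side, {r} on the right side")
```

Each listed line is counted as its own state, so the totals show whether one address really holds more entries than the limit configured on the rule.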