Maximum state entries per host 2.2.6


  • I have the Maximum state entries per host set to 2000 on my LAN Net to ANY rule. I see an IP on the LAN going over the 2000 limit, eventually using the entire state table.

    This is the only allow rule I have on the LAN interface. I have NOT rebooted the firewall after setting this limit, just reset all states (multiple times).

    The only strange thing is when I filter just this IP's states, and I hit delete by a certain state, it deletes a bunch of states at the same time.

    So for example, if I hit delete on any one of the following, it deletes all of them. So is pf counting all of them as 1 state? Do I need to set anything else to use the advanced rules?

    LAN tcp X.X.X.X:80 -> 10.10.10.10:63554 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63556 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63558 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63560 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63562 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63564 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63566 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63568 ESTABLISHED:ESTABLISHED
    LAN tcp X.X.X.X:80 -> 10.10.10.10:63570 ESTABLISHED:ESTABLISHED
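As an added example (not part of the post above, and not pfSense or pf code): the "Maximum state entries per host" option in a pfSense rule maps to pf's `max-src-states`, which caps how many states a single source address may create through that rule. When a host is suspected of exhausting the state table, a quick way to see who holds the states is to tally the `pfctl -ss` output (the same `IFACE proto A:port -> B:port STATE:STATE` shape the post quotes) per address. The script below does that tally and flags any address above a chosen limit. The sample lines are constructed for the example, with 198.51.100.80 standing in for the post's X.X.X.X; the parser handles IPv4 entries only, tolerates a parenthesised NAT translation between the endpoints, and counts each state once for every address it involves, so it is a visibility aid rather than a reproduction of pf's per-rule source tracking.

```python
import re
from collections import Counter

# One line of `pfctl -ss` / pfSense Diagnostics > States output, IPv4 only, e.g.
#   LAN tcp 198.51.100.80:80 -> 10.10.10.10:63554 ESTABLISHED:ESTABLISHED
# An optional "(addr:port)" NAT translation after the first endpoint is
# accepted and ignored; the arrow may be ->, <- or <->.
STATE_RE = re.compile(
    r"^\s*(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<a_host>[^\s:()]+):(?P<a_port>\d+)"
    r"(?:\s+\([^)]*\))?"
    r"\s+(?P<arrow><->|->|<-)\s+"
    r"(?P<b_host>[^\s:()]+):(?P<b_port>\d+)"
    r"\s+(?P<state>\S+)\s*$"
)

# Constructed sample, modelled on the post's listing: one host holding five
# TCP states to the same web server, one unrelated UDP state, one junk line.
SAMPLE_STATES = """\
LAN tcp 198.51.100.80:80 -> 10.10.10.10:63554 ESTABLISHED:ESTABLISHED
LAN tcp 198.51.100.80:80 -> 10.10.10.10:63556 ESTABLISHED:ESTABLISHED
LAN tcp 198.51.100.80:80 -> 10.10.10.10:63558 ESTABLISHED:ESTABLISHED
LAN tcp 198.51.100.80:80 -> 10.10.10.10:63560 ESTABLISHED:ESTABLISHED
LAN tcp 198.51.100.80:80 -> 10.10.10.10:63562 ESTABLISHED:ESTABLISHED
LAN udp 10.10.10.20:50000 -> 192.0.2.53:53 MULTIPLE:SINGLE
this line is not a state entry
"""


def parse_state(line):
    """Return a dict describing one state line, or None if it does not parse."""
    m = STATE_RE.match(line)
    if not m:
        return None
    return {
        "iface": m["iface"],
        "proto": m["proto"],
        "a": (m["a_host"], int(m["a_port"])),
        "b": (m["b_host"], int(m["b_port"])),
        "state": m["state"],
    }


def states_per_host(lines):
    """Tally state entries per address.

    Each state is counted once for every distinct address it involves, so
    both the LAN client and the server it talks to accumulate a count.
    Returns (Counter of address -> states, number of unparseable lines).
    """
    counts = Counter()
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        st = parse_state(line)
        if st is None:
            skipped += 1
            continue
        counts[st["a"][0]] += 1
        if st["b"][0] != st["a"][0]:
            counts[st["b"][0]] += 1
    return counts, skipped


def hosts_over_limit(counts, limit):
    """Addresses whose tally exceeds `limit`, as sorted (address, count) pairs."""
    return sorted((host, n) for host, n in counts.items() if n > limit)


if __name__ == "__main__":
    # The post's rule used 2000; a tiny limit makes the constructed sample trip it.
    counts, skipped = states_per_host(SAMPLE_STATES.splitlines())
    for host, n in counts.most_common():
        print(f"{host:<16} {n} states")
    print(f"unparseable lines: {skipped}")
    for host, n in hosts_over_limit(counts, 4):
        print(f"OVER LIMIT: {host} holds {n} states")
```

On a live firewall the same functions can be fed `pfctl -ss` output piped through the script instead of `SAMPLE_STATES`; the tally is the first thing to check before concluding that the rule's per-host limit is not being applied.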