Re: pf stops working after state table gets big

On 11 Apr, Kim Jørgensen wrote:
: I have a OpenBSD 3.6 (with all patches) router, with 6 vlans and 300-400
: users behind each vlan. There are about 70/30Mbit traffic.
: Its running pf to do some logging, eg. I have rules like "pass in log on
: vlan7 from x.x.x.x/x to any keep state", a simple block rule, and some
: scrubbing.
: The state table gets a bit big, around 80k (max 200k). But after some time
: the pf stops working, and no new states are created, pfctl -si show about
: 25000 states.
: pfctl -Fs don't work. pfctl -x loud dont show anything.
: The only thing that works is pfctl -d.
Could we perhaps see those with -g attached?