pf(4) as a NAT44 router

0

pf(4) is a bit optimistic with regard to how many states it can track using the defaults.

[zone: pf states] PF states limit reached

Raising the hard limits to four times the default seems better:

set limit {
  states 40000,
  src-nodes 40000,
  frags 20000,
  table-entries 800000
}

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>