Monday, September 23, 2024

Re: strange network behavior (send permission denied)

On Mon, Sep 23, 2024, at 6:19 AM, kasak wrote:
> Hello, misc!
>
> Could you please share your wisdom about this problem.
>
> On my OpenBSD firewall, the network sometimes becomes slow and some daemons
> stop working.
>
> /var/log/messages has these messages when the slowdown is in place:
>
> Sep 23 13:49:34 gater ntpd[30891]: sendto: Permission denied
> Sep 23 13:56:22 gater isakmpd[64631]: sendmsg (14, 0x784ce63ce408, 0): Permission denied
>
> Also, nginx has these messages:
>
>  connect() to 172.16.0.80:443 failed (13: Permission denied) while connecting to upstream
>
> Also, I cannot ping or nslookup anything, again because of "permission denied".
>
> I found a workaround by flushing pf states. After pfctl -F states
> everything starts to work again.
>
> But maybe I should tune something I do not know about?
>
> How can I diagnose these failures?

You may have a full state table. Try:

pfctl -si
pfctl -ss

Alternatively `pfctl -sa` includes all. If you have run out of available state tracking, I would spot check what is using up all the state entries and whether it is expected prior to increasing the limit.

Brian Conway
Owner
RCE Software, LLC
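
Added example, not part of the original thread: one way to do the spot check suggested in the reply, by counting `pfctl -ss` entries per originating host and comparing the `current entries` figure from `pfctl -si` with the `states` limit from `pfctl -sm`. The function names and all sample data are constructed for illustration, and the state line layout is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example: summarise pfctl output read as text (constructed samples below).
# Assumes state lines look like "IFACE PROTO ADDR DIR ADDR STATE".

# Count states per originating host and protocol, busiest first ($1 = rows shown).
top_state_sources() {
    awk '
    {
        dir = 0
        for (i = 3; i <= NF; i++) if ($i == "->" || $i == "<-") { dir = i; break }
        if (!dir) next                         # not a state line
        a = ($dir == "->") ? $3 : $(dir + 1)   # side that opened the connection
        sub(/\[[0-9]+\]$/, "", a)              # IPv6 port: addr[port]
        if (split(a, p, ":") == 2) a = p[1]    # IPv4 port: addr:port
        n[a " " $2]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Share of the state limit in use: $1 = `pfctl -si` text, $2 = `pfctl -sm` text.
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }')
    max=$(printf '%s\n' "$2" | awk '$1 == "states" { print $NF; exit }')
    [ -n "$cur" ] && [ -n "$max" ] && [ "$max" -gt 0 ] || return 1
    echo "$cur/$max $((cur * 100 / max))%"
}

# Constructed sample data, not taken from the firewall in the thread.
SAMPLE_STATES='all udp 172.16.0.23:51812 -> 192.0.2.53:53       MULTIPLE:SINGLE
all udp 172.16.0.23:51813 -> 192.0.2.53:53       MULTIPLE:SINGLE
all udp 172.16.0.23:51814 -> 192.0.2.53:53       MULTIPLE:SINGLE
all tcp 172.16.0.80:443 <- 198.51.100.7:40112       ESTABLISHED:ESTABLISHED
all tcp 172.16.0.41:50222 -> 203.0.113.9:443       ESTABLISHED:ESTABLISHED'
SAMPLE_INFO='State Table                          Total             Rate
  current entries                    99874'
SAMPLE_LIMITS='states        hard limit   100000'

# On the firewall itself:
#   pfctl -ss | top_state_sources 10
#   state_usage "$(pfctl -si)" "$(pfctl -sm)"
printf '%s\n' "$SAMPLE_STATES" | top_state_sources 3
state_usage "$SAMPLE_INFO" "$SAMPLE_LIMITS"
```

A single host holding most of the table, or usage close to 100%, points to what needs checking before the limit is raised.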
