Monday, September 23, 2024

Re: strange network behavior (send permission denied)

23.09.2024 15:22, Brian Conway wrote:
> On Mon, Sep 23, 2024, at 6:19 AM, kasak wrote:
>> Hello, misc!
>>
>> Could you please share your wisdom about this problem?
>>
>> On my OpenBSD firewall, sometimes the network becomes slow and some daemons
>> stop working.
>>
>> /var/log/messages has these messages when the slowdown is in place:
>>
>> Sep 23 13:49:34 gater ntpd[30891]: sendto: Permission denied
>> Sep 23 13:56:22 gater isakmpd[64631]: sendmsg (14, 0x784ce63ce408, 0):
>> Permission denied
>>
>> Also nginx has these messages:
>>
>>  connect() to 172.16.0.80:443 failed (13: Permission denied) while
>> connecting to upstream
>>
>> Also, I cannot ping nor nslookup anything, also because of "permission denied".
>>
>> I found a workaround by flushing pf states. After pfctl -F states
>> everything starts to work again.
>>
>> But maybe I should tune something I did not know about?
>>
>> How can I diagnose these failures?
> You may have a full state table. Try:
>
> pfctl -si
> pfctl -ss

Do I understand correctly that "current entries" (pfctl -si) is the
number of states?

>
> Alternatively `pfctl -sa` includes all. If you have run out of available state tracking, I would spot check what is using up all the state entries and whether it is expected prior to increasing the limit.
>
> Brian Conway
> Owner
> RCE Software, LLC
>
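
The checks suggested in the reply above, as an added shell example that is not part of the original thread: it compares "current entries" from `pfctl -si` with the states hard limit from `pfctl -sm`, and counts `pfctl -ss` entries per source address for the spot check. The function names `state_usage` and `top_sources` are hypothetical, and the sample text is constructed on the assumption that pfctl prints in this layout.

```shell
#!/bin/sh
# Added example: helpers for checking whether the pf state table is full.
# Function names are hypothetical; the sample text is constructed, not real output.

# Print "current limit percent" given `pfctl -si` text ($1) and `pfctl -sm` text ($2).
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }')
    lim=$(printf '%s\n' "$2" | awk '$1 == "states" && $2 == "hard" { print $4; exit }')
    [ -n "$cur" ] && [ -n "$lim" ] && [ "$lim" -gt 0 ] || return 1
    echo "$cur $lim $((cur * 100 / lim))"
}

# Read `pfctl -ss` lines on stdin; print "count source-address", busiest first.
# The source is the address before "->" or after "<-", as printed by pfctl.
top_sources() {
    awk '{
        src = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "->") { src = $3; break }
            if ($i == "<-") { src = $(i + 1); break }
        }
        if (src == "") next
        # Strip the port: "[port]" suffix for IPv6, ":port" for IPv4.
        if (!sub(/\[[0-9]+\]$/, "", src)) sub(/:[0-9]+$/, "", src)
        n[src]++
    } END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2 | head -n "${1:-5}"
}

# Constructed samples in the layout pfctl prints.
SAMPLE_SI='State Table                          Total             Rate
  current entries                    99987
  searches                       184467440        2135.0/s'
SAMPLE_SM='states        hard limit   100000
src-nodes     hard limit    10000'
SAMPLE_SS='all tcp 172.16.0.15:50112 -> 172.16.0.80:443       ESTABLISHED:ESTABLISHED
all udp 172.16.0.15:40001 -> 198.51.100.7:53       MULTIPLE:SINGLE
all udp 172.16.0.15:40002 -> 198.51.100.7:53       MULTIPLE:SINGLE
all tcp 192.0.2.10:22 <- 172.16.0.22:51000       ESTABLISHED:ESTABLISHED
all udp 2001:db8::5[123] -> 2001:db8::1[123]       MULTIPLE:SINGLE'

state_usage "$SAMPLE_SI" "$SAMPLE_SM"
printf '%s\n' "$SAMPLE_SS" | top_sources 3
```

On the firewall itself the same functions take live input, for example `state_usage "$(pfctl -si)" "$(pfctl -sm)"` and `pfctl -ss | top_sources 10`.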
