
List:       openbsd-pf
Subject:    Re: Logging dropped states (max-src-states)
From:       Richard Grint <r.l.grint () qmul ! ac ! uk>
Date:       2005-09-26 10:23:30
Message-ID: 4337CC22.2020809 () qmul ! ac ! uk

Jeff Wilson wrote:

>One of my networks is behind an OpenBSD 3.5-stable firewall, and
>another network is behind an OpenBSD 3.7-stable firewall.  Between the
>two networks, I am serving over 4,000 clients.  Both firewalls limit
>source IP state with "max-src-states".  Once a client hits this state
>limit, no new state is allowed -- which is what I want, of course.
>
>My objective is to more efficiently troubleshoot connectivity
>problems, after the fact.  When I get the call from a colleague,
>asking "Can you tell me if Joe Bob was at his limit yesterday at 5pm?"
> Right now, I just shrug and say, "Nope!"
>
>Is there a straightforward way to log these "disallowed" states?  Or
>perhaps a way to log which IPs have hit this ceiling, and when, and
>for how long?
>
>    thanks,
>     jw
>
>  
>
I think set debug records that the limits were hit with 3.7 but not with 3.5.