Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring any rules set)
To: None <stephen.welker@nemostar.com.au>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 12/09/2000 15:57:52

[ On Saturday, December 9, 2000 at 04:26:12 (-0800), stephen.welker@nemostar.com.au wrote: ]
> Subject: kern/11670: ipf eventually blocks all traffic (thus ignoring any rules set)
>
> With ipf enabled (sysctl -w net.inet.ip.forwarding=1), after say a few
> hours of solid traffic (at modem speed) all traffic is blocked.

Are your rules potentially blocking significant numbers of packets?

Are you running "ipmon"?  If so did you give it the '-n' option?  If so,
then do not -- that'll cause it to block waiting for DNS lookups, and
that'll potentially cause the /dev/log buffers to fill.

BTW, what do you mean by "thus ignoring any rules set"?  Do you mean
simply that traffic which should be passed is no longer passed?

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>