Manuel Bouyer <bouyer@antioche.eu.org> wrote:
: On Tue, Jan 15, 2002 at 01:58:33PM +0100, Jaap Boender wrote:
: When it is hung, can you try a 'ipfstat -sl' and 'ipfstat -f' 
: There is a (quite higth) limit on how many state ipf can hold, maybe you're
: reaching it.
: It can be increased by a kernel compile, but I don't remmeber the #define
: to change ...

That was indeed the problem. I kept state on all outgoing packets, instead
of just those with the SYN flag set, which clogged up the state list.

Thanks; also to Jim Miller, who suggested the fix.

  Jaap
---
Coffee, Coffee muß ich haben,
Und wenn jemand mich will laben,
Ach, so schenkt mir Coffee ein!
  -- J.S. Bach / Picander, Kaffee-Kantate