Chad R. Larson wrote:
>I found that I could blow out the m0n0wall state table if I were a super
>node, especially when my Windoze box would crash leaving unclosed
>connections. We used sysctl to lower the TCP timeout value from its
>default ten days(!) to a couple of hours.
I think that the timeout issue was also fixed in a 1.2 beta release.
It's also possible to increase the size of the state table, though it
slows things down if it gets that full.