Chad R. Larson wrote:
>I found that I could blow out the m0n0wall state table if I were a super
>node, especially when my Windoze box would crash leaving unclosed
>connections. We used sysctl to lower the TCP timeout value from its
>default ten days(!) to a couple of hours.
>
>
I think that the timeout issue was also fixed in a 1.2 beta release.
It's also possible to increase the size of the state table, though it
slows things down if it gets that full.