I run M0n0wall version 1.11 at my colo on a Nexcom NSA 1041. At this time my state table is filled with +/- 1000 active entries (ipfstat -s) at medium traffic.

For version 1.11 the defaults are:

Max state table: around 4000
TCP idle timeout: 10 days

I know that as of Beta 1.2b2 these values changed to 30000 and 2,5 hours (that's more like it for a production environment).

After reading the archives I found out that it's not possible to change the Max state table through exec.php; it's hard coded and is loaded during the boot process (please correct me if I'm wrong). I already checked the ipf rules so that there are no unnecessary broken entries in the state table.

Question 1: Is it possible to change the TCP idle timeout to a lower value through exec.php, or at boot time by adding a <shellcmd> command in the config.xml, so that the state table releases its entries quicker?

Question 2: Which Beta release from Beta 1.2b2 would be best for my environment?

And finally, regards and great respect to Manuel and the team for making a great firewall and all the effort, support and time spent on M0n0wall and M0n0BSD.

Maarten