How many computers are in the network? If the network is big and busy you may hit the maximum number of states that pf can track.
Code:
$ sudo pfctl -s info
Status: Enabled for 0 days 00:14:43 Debug: err
Interface Stats for egress IPv4 IPv6
Bytes In 1289347 0
Bytes Out 372112 64
Packets In
Passed 1661 0
Blocked 0 0
Packets Out
Passed 1596 1
Blocked 0 0
State Table Total Rate
current entries 3
searches 3258 3.7/s
inserts 157 0.2/s
removals 154 0.2/s
Counters
match 157 0.2/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
Here, on my desktop machine I only have 3 states. The maximum states pf can track is:
Code:
$ sudo pfctl -s memory
states hard limit 10000
src-nodes hard limit 10000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000
pf still has space/room for another 10000-3=9997 states. However, in a large and busy network you may have to increase the states hard limit. See the pf.conf man page.
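The headroom calculation above can be scripted. The following is an added example, not part of the original post: it reads the "current entries" line from `pfctl -s info` and the "states hard limit" line from `pfctl -s memory`, and reports utilisation. The function name, the 80% warning threshold, and the treatment of non-zero `memory` or `state-limit` counters as a sign that a limit was already reached are assumptions of this example; the sample text is constructed from the output shown in the post.

```sh
#!/bin/sh
# Constructed sample input, trimmed from the pfctl output shown in the post.
SAMPLE_INFO='State Table                          Total             Rate
  current entries                        3
  searches                            3258            3.7/s
Counters
  match                                157            0.2/s
  memory                                 0            0.0/s
  state-limit                            0            0.0/s'

SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# pf_state_report INFO_TEXT MEMORY_TEXT [WARN_PCT]   (hypothetical helper)
# Prints "<current> <limit> <percent-used> <status>" where status is:
#   OK         utilisation below WARN_PCT (default 80)
#   WARN       utilisation at or above WARN_PCT
#   LIMIT-HIT  the memory or state-limit counter is non-zero
#              (assumption: treated as evidence a limit was already reached)
pf_state_report() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v warn="${3:-80}" '
        $0 == "---"                                { mem = 1; next }
        !mem && $1 == "current" && $2 == "entries" { cur = $3 }
        !mem && $1 == "state-limit"                { hit += $2 }
        !mem && $1 == "memory"                     { hit += $2 }
        mem  && $1 == "states" && $2 == "hard"     { lim = $4 }
        END {
            # Refuse to report if either value is missing or the limit is 0.
            if (cur == "" || lim == "" || lim + 0 == 0) {
                print "parse-error"; exit 2
            }
            pct = int(cur * 100 / lim)
            status = "OK"
            if (pct >= warn) status = "WARN"
            if (hit > 0)     status = "LIMIT-HIT"
            printf "%d %d %d %s\n", cur, lim, pct, status
        }'
}

# Run against the constructed sample.
pf_state_report "$SAMPLE_INFO" "$SAMPLE_MEMORY"

# On a live system (as root):
#   pf_state_report "$(pfctl -s info)" "$(pfctl -s memory)"
```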