Posts for: #openbsd-pf
Switching from Net-SNMP to snmpd for CARP, PF and Sensor Monitoring
Update: For help running both snmpds at the same time, see Net-SNMP and snmpd Coexistence on OpenBSD
Now that OPENBSD-CARP-MIB and OPENBSD-PF-MIB have been added to the base snmpd in OpenBSD (CARP-MIB will be in 5.1-release, PF-MIB in 5.2, and the SENSOR MIB has been there since 4.5), I wanted to document the differences between these MIBs and the corresponding implementation of the MIBs that I wrote for Net-SNMP.
Both implementations provide the same set of OIDs and allow the same data to be retrieved. Whatever you were querying via Net-SNMP is available via snmpd.
What has changed is the base OID at which the CARP and PF MIBs are rooted, as well as the names of certain OIDs.
OpenBSD 5.0 SNMP MIBs
Virtualizing the OpenBSD Routing Table
The OpenBSD routing table can be carved into multiple virtual routing tables allowing complete logical separation of attached networks. This article gives a brief overview of rtables and explains how to successfully leak traffic between virtual routing domains.
Hitting the PF state table limit
I recently had an issue with an OpenBSD firewall where the number of state table entries was hitting the default limit of 10,000. When this limit is reached, no new state entries can be created. If you're using "keep state", "modulate state" or "synproxy state" on your rules or if you're running OpenBSD 4.1 or newer (where "keep state" is the default on all rules) this could mean that:
- You cannot make new connections through the firewall
- You cannot make new connections to the firewall
- You cannot make new connections from the firewall
So... if you hit the state table limit, it's kinda bad, mmmkay?