Date: Tue, 27 Sep 2011 11:28:15 -0700
From: Chuck Swiger <cswiger@mac.com>
To: Rémy Sanchez <remy.sanchez@hyperthese.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Random freezes
Message-ID: <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com>
In-Reply-To: <201109271958.29919.remy.sanchez@hyperthese.net>
References: <201109271958.29919.remy.sanchez@hyperthese.net>

Hi--

On Sep 27, 2011, at 10:57 AM, Rémy Sanchez wrote:
> The only solution we have so far: we just reload the rules, and everything
> gets back to normal. Which is a bit unpleasant I must say...
>
> So, I've fallen short of ideas, does anyone see why some rules just block like
> that? Maybe we should move to the in-kernel NAT?

Sounds like you're running out of dynamic rule entries. Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max as needed. Also consider not using stateful rules for UDP traffic like DNS and NTP if at all possible...

Regards,
--
-Chuck
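Added example, not part of the original message: a POSIX sh check that compares the two sysctls named in the reply and warns before the ipfw dynamic-rule table fills up. The 80% threshold, the doubling suggestion and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: watch ipfw dynamic-rule usage (dyn_count vs dyn_max).
# WARN_PCT and the doubling policy are assumptions, not FreeBSD defaults.
WARN_PCT=${WARN_PCT:-80}

# Integer percentage of the dynamic-rule table in use.
# A dyn_max of 0 or less is reported as 100% (nothing can be added).
dyn_usage_pct() {
    count=$1 max=$2
    if [ "$max" -le 0 ]; then echo 100; return; fi
    echo $(( count * 100 / max ))
}

# Classify usage: "full" at or above dyn_max, "warn" at or above the
# threshold percentage, otherwise "ok".
dyn_state() {
    count=$1 max=$2 warn=${3:-$WARN_PCT}
    pct=$(dyn_usage_pct "$count" "$max")
    if [ "$count" -ge "$max" ]; then echo full
    elif [ "$pct" -ge "$warn" ]; then echo warn
    else echo ok
    fi
}

# Suggest a new dyn_max: double the current value until the observed
# count sits below the warning threshold.
suggest_dyn_max() {
    count=$1 max=$2 warn=${3:-$WARN_PCT}
    [ "$max" -gt 0 ] || max=1
    while [ "$(dyn_usage_pct "$count" "$max")" -ge "$warn" ]; do
        max=$(( max * 2 ))
    done
    echo "$max"
}

# Live check; silently does nothing where the ipfw sysctls do not exist.
check_live() {
    count=$(sysctl -n net.inet.ip.fw.dyn_count 2>/dev/null) || return 0
    max=$(sysctl -n net.inet.ip.fw.dyn_max 2>/dev/null) || return 0
    state=$(dyn_state "$count" "$max")
    echo "ipfw dynamic rules: $count/$max ($state)"
    if [ "$state" != ok ]; then
        echo "consider: sysctl net.inet.ip.fw.dyn_max=$(suggest_dyn_max "$count" "$max")"
    fi
}
check_live
```

Run from cron, the "warn" state gives notice before new flows start being dropped; a count that keeps climbing after dyn_max is raised points back at the stateful UDP rules mentioned in the reply.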
