Date: Fri, 10 Sep 2004 14:56:32 -0400
From: Ben Bentsen <freebsd@usww.com>
To: freebsd-ipfw@freebsd.org
Subject: kernel: ipfw: install_state: Too many dynamic rules
Message-ID: <4141F8E0.8060700@usww.com>
Hello group,

Can anyone shed a little light on the following error messages? I have spent a great deal of time looking at what is running at about 9:30am-9:45am and have found nothing that I can pin to these errors. No cron jobs are running anywhere even close to the time. TCPdump does not shed any light either. This machine has only one purpose: to pass, count, limit and deny packets to a network. Only SSH and FTP services are enabled on this machine.

What conditions cause this message? Maybe I am looking in the wrong place.

INET ---- This Machine --- Catalyst 2820 ------ 14 computer units

Aug 7 09:41:34 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 10 09:41:20 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 13 09:41:31 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 15 09:41:29 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 15 09:41:30 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 15 10:41:23 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 17 09:40:50 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 20 09:35:35 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 23 09:35:17 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 27 09:35:33 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 31 09:35:31 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 1 09:35:29 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 2 09:35:24 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 3 09:34:58 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 5 09:35:06 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 6 09:34:41 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 7 09:35:00 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 7 09:35:33 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 8 09:34:34 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 9 09:34:41 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 10 09:34:59 7206 /kernel: ipfw: install_state: Too many dynamic rules

I am using FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE #0 with IPFW2 compiled in and all the IPV6 compiled out.

The firewall is pretty generic:

/etc/rc.local

sysctl net.link.ether.bridge_cfg=rl0:0,rl1:0
sysctl net.link.ether.bridge_ipfw=1
sysctl net.link.ether.bridge=1

ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 0
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 1
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 2
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 3
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 4
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 5
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 6
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 7
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 8
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 9
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 10
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 11
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 12
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 13
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 14
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 15
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 16
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 17
ipfw -q add 00009 count log logamount 1000 icmp from any to any icmptypes 18
ipfw -q add 00009 count log logamount 1000 icmp from any to any

ipfw -q add 50 deny log logamount 10000 ip from any to any 135
ipfw -q add 50 deny log logamount 10000 ip from any to any 445
ipfw -q add 50 deny log logamount 10000 ip from any to any 139

ipfw -q add 00020 deny log logamount 10000 ip from any to any in frag
ipfw -q add 00020 deny log logamount 10000 tcp from any to any in frag
ipfw -q add 00020 deny log logamount 10000 udp from any to any in frag
ipfw -q add 00020 deny log logamount 10000 icmp from any to any in frag

for i in (Several Mac Addresses)
do
    ipfw -q add 100 count mac $i 00:e0:a3:1f:f0:2b
    ipfw -q add 100 count mac 00:e0:a3:1f:f0:2b $i
done

ipfw -q add 150 pipe 1 tcp from 216.104.X.X 20,21,25,80,110 to any;ipfw pipe 1 config bw 450Kbit/s
ipfw -q add 151 pipe 2 tcp from 216.104.X.X 554,4040,5050,6763,7070,8080 to any;ipfw pipe 2 config bw 384kbit/s

ipfw -q add 200 check-state
ipfw -q add 275 count all from any to any keep-state

ipfw -q add 302 drop all from 172.16.0.0/12 to any in via rl0
ipfw -q add 304 drop all from 192.168.0.0/16 to any in via rl0

ipfw -q add 01150 deny log logamount 10000 ip from any to any in frag
ipfw -q add 01150 deny log logamount 10000 tcp from any to any in frag
ipfw -q add 01150 deny log logamount 10000 udp from any to any in frag
ipfw -q add 01150 deny log logamount 10000 icmp from any to any in frag
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4141F8E0.8060700>
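
The following is an added example, not part of the original message: a small Python script that buckets the "Too many dynamic rules" events by time of day, so the recurring window and any events outside it can be read straight from the syslog. The log lines are a subset copied from the post; the function names and the 15-minute bin width are assumptions made for this illustration.

```python
import re
from collections import Counter

# Subset of the log lines from the post above; "7206" is the host field.
SAMPLE_LOG = """\
Aug 7 09:41:34 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 15 09:41:29 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 15 10:41:23 7206 /kernel: ipfw: install_state: Too many dynamic rules
Aug 20 09:35:35 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 7 09:35:00 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 7 09:35:33 7206 /kernel: ipfw: install_state: Too many dynamic rules
Sep 10 09:34:59 7206 /kernel: ipfw: install_state: Too many dynamic rules
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+\S+\s+/kernel: "
    r"ipfw: install_state: Too many dynamic rules\s*$"
)

def parse_events(text):
    """Return [(date_label, seconds_since_midnight)] for matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            events.append((f"{m['mon']} {int(m['day'])}", secs))
    return events

def summarize(events, bin_minutes=15):
    """Bucket events by time of day; report the dominant bin and outliers."""
    if not events:
        return None
    width = bin_minutes * 60
    bins = Counter(secs // width for _, secs in events)
    top_bin, top_count = bins.most_common(1)[0]
    fmt = lambda s: f"{s // 3600:02d}:{s % 3600 // 60:02d}"
    outliers = [(d, fmt(s)) for d, s in events if s // width != top_bin]
    per_day = Counter(d for d, _ in events)
    return {
        "window": (fmt(top_bin * width), fmt((top_bin + 1) * width)),
        "in_window": top_count,
        "outliers": outliers,
        "days_with_repeats": sorted(d for d, n in per_day.items() if n > 1),
    }

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)))
```
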