Date: Thu, 16 Sep 2004 23:57:00 -0500
From: Norm Vilmer <norm@etherealconsulting.com>
To: freebsd-questions@freebsd.org
Subject: Too many dynamic rules, sorry
Message-ID: <414A6E9C.4060708@etherealconsulting.com>
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message "Too many dynamic rules, sorry". Doing a sysctl -a | grep ip.fw I can see that net.inet.ip.fw.dyn_count has reached the max value of 8192 that I set. net.inet.ip.fw.dyn_ack_lifetime is set to 300, so the dynamic rule count starts going down about 5 minutes after the simulated attack.

Questions: When this happens, is my firewall still fully operational? In other words, can I safely ignore this message? Is there a way to fix this?
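An added check, not part of Norm's post and not FreeBSD's own tooling, that automates the sysctl inspection he describes: it parses the "name: value" lines that sysctl prints, compares net.inet.ip.fw.dyn_count against net.inet.ip.fw.dyn_max, and reports the table as exhausted when the count has reached the limit. The sample sysctl output is constructed to match the situation in the post (count at the configured maximum of 8192); the 80% warning threshold and the status labels are assumptions of the example, not ipfw behaviour.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): report how full the ipfw
# dynamic-rule table is, using the same sysctls the poster inspected by hand.
# Assumption: sysctl prints "net.inet.ip.fw.<name>: <value>", as on FreeBSD 4.x.

# dyn_usage reads "name: value" lines on stdin and prints one line:
#   <count> <max> <percent> <status>
# status is EXHAUSTED when count >= max, HIGH at >= 80% (assumed threshold),
# otherwise ok. Prints "unknown" and returns 1 if dyn_max is missing.
dyn_usage() {
    awk -F': *' '
        $1 == "net.inet.ip.fw.dyn_count" { count = $2 }
        $1 == "net.inet.ip.fw.dyn_max"   { max   = $2 }
        END {
            if (max == "" || max == 0) { print "unknown"; exit 1 }
            pct = int(count * 100 / max)
            status = (count >= max) ? "EXHAUSTED" : (pct >= 80 ? "HIGH" : "ok")
            print count, max, pct, status
        }'
}

# Constructed sample of `sysctl -a | grep ip.fw` output: the table is full at
# the configured maximum of 8192, and dynamic rules expire after 300 s.
SAMPLE_FULL='net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.dyn_count: 8192
net.inet.ip.fw.dyn_max: 8192
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20'

# Run the check against the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_FULL" | dyn_usage
}

# On a live FreeBSD ipfw host, feed the real sysctls instead.
check_live() {
    sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max 2>/dev/null | dyn_usage
}
```

check_sample prints "8192 8192 100 EXHAUSTED" for the constructed input. The check only reports; it changes nothing in the firewall. Run check_live from cron or a monitoring agent to catch the table filling up before new dynamic rules start being refused.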