Date: Wed, 21 Jan 2004 11:20:52 -0800 (PST) From: Dave McCammon <davemac11@yahoo.com> To: questions@freebsd.org Subject: Re: IPFW and Dynamic Rules Message-ID: <20040121192052.15532.qmail@web41403.mail.yahoo.com> In-Reply-To: <200401211727.i0LHRW56010949@smtp.techweavers.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Adam Seniuk <adams@techweavers.net> wrote:
> I keep getting /kernel: Too many dynamic rules,
> sorry im my log file several
> times and i am not sure whats going on I have read
> some articles but they
> are all in 2000 and for FreeBSD 4.0.
>
> If someone could give me a clue into what this is
> and how I can fix it. That
> would be great!
>
> Thanks.
>
>
> Adam Seniuk
>
> adams@techweavers.net
>
[snip]
>From the IPFW(8)
net.inet.ip.fw.dyn_max: 8192
Maximum number of dynamic rules. When
you hit this limit, no more dynamic rules can be
installed until old ones expire.
Default on my FBSD 4.9 box with (options IPFW2 in
kernel config) is 4096.
It may be helpful to tweak this setting or adjust the
expire time.(net.inet.ip.fw.dyn_ack_lifetime). There
are other sysctl knobs you can tweak. Check the man
page.
__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040121192052.15532.qmail>