Date:      Wed, 21 Jan 2004 14:19:13 -0600
From:      "Thomas T. Veldhouse" <veldy@veldy.net>
To:        "Dinesh Nair" <dinesh@alphaque.com>, "Adam Seniuk" <adams@techweavers.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW and Dynamic Rules
Message-ID:  <009601c3e05b$d67148a0$d037630a@nic.target.com>
References:  <20040122035407.K532-100000@prophet.alphaque.com>

Dinesh Nair wrote:

> seems like you're hitting this limit with too many keep-state rules in
> your ipfw ruleset. try trimming them down a little, by adding in
> specific reverse packet flow rules.
>

It does not take many at all to hit the limit.  This is what I used to use
[in /etc/sysctl.conf] on a webserver with great success:

# increase the number of dynamic firewall rules allowed
net.inet.ip.fw.dyn_max=3000

Tom Veldhouse
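
Added example, not part of the original message: a shell script that counts dynamic entries per keep-state rule from `ipfw -d show` and compares the total with net.inet.ip.fw.dyn_max, so you can see which rule fills the table before raising the limit or trimming rules. The sample ruleset, the addresses and the 80% warning threshold are constructed, and the layout of the dynamic-rule lines is an assumption about ipfw's output.

```shell
#!/bin/sh
# Constructed sample in the layout `ipfw -d show` is assumed to print:
#   rule-number packets bytes (ttl) STATE proto src sport <-> dst dport
SAMPLE='00100 0 0 allow ip from any to any via lo0
00300 41 5312 allow tcp from any to me dst-port 80 setup keep-state
00400 9 702 allow udp from me to any dst-port 53 keep-state
65535 0 0 deny ip from any to any
## Dynamic rules (4):
00300 12 1840 (298s) STATE tcp 198.51.100.7 51514 <-> 192.0.2.10 80
00300 7 960 (12s) STATE tcp 198.51.100.9 40022 <-> 192.0.2.10 80
00300 22 2512 (300s) STATE tcp 203.0.113.4 33810 <-> 192.0.2.10 80
00400 2 148 (3s) STATE udp 192.0.2.10 61022 <-> 192.0.2.53 53'

# Read `ipfw -d show` output on stdin; print "rule count" for every static
# rule that owns dynamic entries, busiest rule first.
dyn_by_rule() {
    awk '/^## Dynamic rules/ { dyn = 1; next }
         dyn && $5 == "STATE" { n[$1]++ }
         END { for (r in n) print r, n[r] }' | sort -k2,2nr -k1,1
}

# Print the percentage of dyn_max in use. Returns 1 at or above the warning
# threshold (default 80), 2 if dyn_max is not a positive integer.
dyn_pressure() {  # args: count max [warn_pct]
    _c=$1; _m=$2; _w=${3:-80}
    [ "$_m" -gt 0 ] 2>/dev/null || { echo "invalid dyn_max" >&2; return 2; }
    _pct=$(( _c * 100 / _m ))
    echo "$_pct"
    [ "$_pct" -lt "$_w" ]
}

# On a FreeBSD host with ipfw loaded, use live data; otherwise the sample.
if max=$(sysctl -n net.inet.ip.fw.dyn_max 2>/dev/null) &&
   count=$(sysctl -n net.inet.ip.fw.dyn_count 2>/dev/null); then
    ipfw -d show 2>/dev/null | dyn_by_rule
else
    max=3000; count=4   # constructed values matching the sample above
    printf '%s\n' "$SAMPLE" | dyn_by_rule
fi
dyn_pressure "$count" "$max" >/dev/null ||
    echo "dynamic rule table near net.inet.ip.fw.dyn_max ($count/$max)"
```
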


