Date: Thu, 18 Sep 2003 12:39:29 -0500
From: Josh Paetzel
To: Mark
Cc: Josh Paetzel, freebsd-questions@freebsd.org
Subject: Re: Ipfw on the fritz?
Message-ID: <20030918173928.GP27665@tcbug.org>

On Thu, Sep 18, 2003 at 05:21:36PM +0000, Mark wrote:
> ----- Original Message -----
> From: "Josh Paetzel"
> To: "Mark"
> Cc:
> Sent: Thursday, September 18, 2003 2:54 AM
> Subject: Re: Ipfw on the fritz?
>
> > On Thu, Sep 18, 2003 at 12:21:58AM +0000, Mark wrote:
> >
> > > Eek, I just got these eerie messages in /var/log/messages:
> > >
> >
> > The following thread may be of interest to you:
> >
> > http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-June/000215.html
>
> Thank you for the thread. But a bad situation just got worse; all of a
> sudden I got these too:
>
> Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
> Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
> Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries
> Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries
>
> Too many entries? I have "net.inet.ip.fw.dyn_max" set to 1000. And there are
> certainly not a 1000+ dynamic rules. Well, thinking out loud, there would be
> if "OUCH! cannot remove rule". :( Looks like that is what is happening here.
>
> Is there an ipfw patch somewhere, so I can rebuild the kernel? I do not wish
> to perform a cvsup, as that tends to make the system unstable. But if I can
> compile a new kernel on a Vmware box, and then copy over /kernel to the real
> server, well, that I dare give a try.
>
> Thanks,
>
> - Mark

I don't know if an ipfw patch exists or not. I'm tempted to say there
probably isn't, but I could be way off base there. I don't know what you
mean about cvsup making the system unstable; I've had very good luck
tracking RELENG_4_8, which is nothing more than 4.8-RELEASE with bug fixes.
As far as running a new kernel, you can't run a new kernel on an old
userland; that will break numerous things on your system. :-/

Josh Paetzel