From owner-freebsd-questions  Fri Nov  9  3: 8:50 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web13305.mail.yahoo.com (web13305.mail.yahoo.com [216.136.175.41])
	by hub.freebsd.org (Postfix) with SMTP id 72A0837B405
	for <questions@FreeBSD.ORG>; Fri,  9 Nov 2001 03:08:47 -0800 (PST)
Message-ID: <20011109110847.90547.qmail@web13305.mail.yahoo.com>
Received: from [193.174.9.99] by web13305.mail.yahoo.com via HTTP; Fri, 09 Nov 2001 12:08:47 CET
Date: Fri, 9 Nov 2001 12:08:47 +0100 (CET)
From: =?iso-8859-1?q?m=20p?= <sumirati@yahoo.de>
Subject: Re: too many dynamic rules
To: cjclark@alum.mit.edu, setantae@submonkey.net
Cc: questions@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

"Crist J. Clark" wrote:
> 
> On Thu, Nov 08, 2001 at 08:12:07PM +0000, setantae wrote:
> >
> > Can't find anything in the archives at MARC, and not sure which list
> > I should be talking to, so please set followups appropriately if it
> > bothers you.
> >
> > For approximately 18 seconds today my firewall went apesh*t
> >  (these are all relevant entries) :
> >
> > Nov  8 14:47:45 rhadamanth /kernel: Too many dynamic rules, sorry
> > Nov  8 14:47:45 rhadamanth natd[218]: failed to write packet back
(Permission denied)
> 
> [snip]
> 
> > At the time there was only one user logged onto the box, and no clients
> > behind the firewall - unfortunately I have no idea what I was doing at the
> > time,
> 
> You wouldn't have happened to have been port scanning someone (nmap or
> the like)?

Hi,

he said, that he was upgrading the ports-collection on his machine. For that
purpose a connection to every ftp where the source is will be made. That may
exceed on a fast connction the maximum defined for dynamic rules.

So please check your setting how many dynamic rules you allow and add some
during port upgrade :)

Just my DEM 0.02

Marc

__________________________________________________________________

Gesendet von Yahoo! Mail
http://mail.yahoo.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message