From owner-freebsd-stable@FreeBSD.ORG Sat Dec 9 18:06:19 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B376016A40F for ; Sat, 9 Dec 2006 18:06:19 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from colgate.yandex.ru (colgate.yandex.ru [213.180.200.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1810F43C9D for ; Sat, 9 Dec 2006 18:05:13 +0000 (GMT) (envelope-from bu7cher@yandex.ru) Received: from YAMAIL (colgate.yandex.ru) by mail.yandex.ru id ; Sat, 9 Dec 2006 21:06:10 +0300 Received: from [82.211.152.12] ([82.211.152.12]) by mail.yandex.ru with HTTP; Sat, 9 Dec 2006 21:06:09 +0300 (MSK) Date: Sat, 9 Dec 2006 21:06:09 +0300 (MSK) From: "Andrey V. Elsukov" Sender: bu7cher@yandex.ru Message-Id: <457AFB11.000008.22473@colgate.yandex.ru> MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] Errors-To: bu7cher@yandex.ru To: adrenalinup@gmail.com In-Reply-To: References: X-Source-Ip: 82.211.152.12 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org Subject: Re: [ipfw] Dynamic rules grow indefinitely.. X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bu7cher@yandex.ru List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Dec 2006 18:06:19 -0000 >It is a web server with ~130req/s, problems seem to start after >upgrading to a new hardware. >FreeBSD 6.1-RELEASE-p10 Can you show your /var/run/dmesg.boot, and output of `pciconf -lv` and ifconfig? >After a hour it will grow more and more.. The day before yesterday I >got 20 000 dynamic rules ;o) (I was forced to increase >net.inet.ip.fw.dyn_max because I start to got errors in syslogs). Try this: # sysctl -w net.inet.ip.fw.dyn_keepalive=0 -- WBR, Andrey V. Elsukov