Date: Tue, 27 May 2003 08:32:10 +0700 (ICT)
From: Olivier Nicole <on@cs.ait.ac.th>
To: freebsd-ipfw@freebsd.org
Subject: Strange count of dynamic rules
Message-ID: <200305270132.IAA02341@banyan.cs.ait.ac.th>
Hi,
I am trying to install a standalone firewall between my LAN and my
router to the outside world.
And I am puzzled with the number of dynamic rules that are installed.
firewall<root>125: ipfw -d list | grep "<->" | wc
1849 20651 157940
tells me that there are 1849 dynamic rules (both active and expired)
but:
firewall<root>127: sysctl net.inet.ip.fw.dyn_count
net.inet.ip.fw.dyn_count: 15910
tells me that there are 15910 dynamic rules.
So where is the truth? Or is that something I misunderstand?
Problem is that net.inet.ip.fw.dyn_count will never count down and
reach the limit of 65535 very soon (couple of hours), and then nothing
can get through.
BTW, I am running FreeBSD 4.8 with IPFW2
Best regards,
Olivier
