Today I booted r242670 from the console and noticed an error.  This
is one line from the end of dmesg:

ipfw: ipfw_install_state: Too many dynamic rules

The ruleset has always been dynamic and has no additional rules.
Search engines produced similar error messages, but no information
that seems to be the correct solution.

I have a basically identical ruleset on fbsd91 and no error message.

That means that the dynamic rules generated by the keep-state keyword hit
the currently-configured limit.  If you get hit with a lot of random traffic
that matches a keep-state rule, you'll get that message.  It's not the rules
themselves that cause this, it's the traffic.


That makes sense.  Recently I began to run an ntp server there.

Run "sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count" and compare the
two values.  If count is near to dyn_max, you can simply raise dyn_max.
It's a writeable sysctl.  I set it to 65535 on my systems in
/etc/sysctl.conf with no apparent ill effects.


This is just an internal server, so at first will try an increment:

net.inet.ip.fw.dyn_max=16384

Thank you,
Darrel
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
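The check suggested in the thread (compare net.inet.ip.fw.dyn_count with net.inet.ip.fw.dyn_max and raise dyn_max when they are close), as an added example that is not part of the original mail thread. The helper functions take the two values as arguments so the decision logic can be exercised on any host; only dyn_check_live reads the real sysctls and needs a FreeBSD box with ipfw loaded. The 80% threshold, the doubling step and the 65535 cap are assumptions for this script (65535 is simply the value the thread reports using without ill effects), not ipfw defaults.

```sh
#!/bin/sh
# Added example, not from the thread: report ipfw dynamic-rule usage and
# compute a suggested dyn_max. Pure helpers take values as arguments so the
# logic runs anywhere; dyn_check_live needs FreeBSD with ipfw loaded.

# Percentage of dyn_max currently in use (integer arithmetic).
dyn_usage_pct() {
    count=$1; max=$2
    [ "$max" -gt 0 ] || { echo 0; return; }
    echo $(( count * 100 / max ))
}

# Decide whether dyn_max should be raised. Prints the new value, or the
# current value unchanged if usage is below the threshold (default 80%,
# an assumption). The new value doubles the current one, capped at 65535
# (assumed cap: the value the thread reports running without problems).
dyn_next_max() {
    count=$1; max=$2; threshold=${3:-80}; cap=65535
    pct=$(dyn_usage_pct "$count" "$max")
    if [ "$pct" -ge "$threshold" ] && [ "$max" -lt "$cap" ]; then
        new=$(( max * 2 ))
        [ "$new" -le "$cap" ] || new=$cap
        echo "$new"
    else
        echo "$max"
    fi
}

# Live check on a FreeBSD host. This only reports; apply the change with
# `sysctl net.inet.ip.fw.dyn_max=N` and persist it in /etc/sysctl.conf
# once you have watched dyn_count for a while under real traffic.
dyn_check_live() {
    count=$(sysctl -n net.inet.ip.fw.dyn_count) || return 1
    max=$(sysctl -n net.inet.ip.fw.dyn_max) || return 1
    pct=$(dyn_usage_pct "$count" "$max")
    new=$(dyn_next_max "$count" "$max")
    echo "dyn_count=$count dyn_max=$max usage=${pct}%"
    if [ "$new" -ne "$max" ]; then
        echo "near the limit; suggested: sysctl net.inet.ip.fw.dyn_max=$new"
    fi
}

# Usage: sh dyn_check.sh --live
if [ "${1:-}" = "--live" ]; then
    dyn_check_live
fi
```

Note that dyn_count is a snapshot: a burst of UDP clients (an NTP server is a good source of those) can fill the table and drain again within seconds, so sample it a few times during busy periods before deciding on a value. Each dynamic rule costs kernel memory, which is why the script doubles rather than jumping straight to the cap.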
