[ solved ]: Too many dynamic rules

From: Darrel <levitch_at_iglou.com>
Date: Tue, 13 Nov 2012 10:54:43 -0500 (EST)
>> Today I booted r242670 from the console and noticed an error.  This
>> is one line from the end of dmesg:
>>
>> ipfw: ipfw_install_state: Too many dynamic rules
>>
>> The ruleset has always been dynamic and has no additional rules.
>> Search engines produced similar error messages, but no information
>> that seems to be the correct solution.
>>
>> I have a basically identical ruleset on fbsd91 and no error message.
>
> That means that the dynamic rules generated by the keep-state keyword hit
> the currently-configured limit.  If you get hit with a lot of random traffic
> that matches a keep-state rule, you'll get that message.  It's not the rules
> themselves that cause this, it's the traffic.
>

That makes sense.  Recently I began to run an ntp server there.

> Run "sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count" and compare the
> two values.  If count is near to dyn_max, you can simply raise dyn_max.
> It's a writeable sysctl.  I set it to 65535 on my systems in
> /etc/sysctl.conf with no apparent ill effects.
>

This is just an internal server, so at first will try an increment:

net.inet.ip.fw.dyn_max=16384

Thank you,
Darrel
Received on Tue Nov 13 2012 - 14:54:45 UTC
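A script form of the dyn_max / dyn_count comparison suggested in the reply above, added here as an example that is not part of the thread or of ipfw itself; the function name, the 80% warning threshold and the sample sysctl output are assumptions, with the sample constructed so the check can be run offline.

```shell
#!/bin/sh
# Added example: warn before ipfw's dynamic-rule table fills up and
# ipfw_install_state starts logging "Too many dynamic rules".
#
# check_dyn_headroom SYSCTL_OUTPUT [WARN_PERCENT]
#   SYSCTL_OUTPUT is the text printed by
#   "sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count"
#   (passed in as a string so the function is testable without ipfw).
#   Prints "count/max (pct%)"; returns 1 when usage >= WARN_PERCENT
#   (default 80, an assumed threshold), 2 when the output cannot be parsed.
check_dyn_headroom() {
    out=$1
    warn=${2:-80}
    # FreeBSD sysctl prints "name: value", so the value is the second field.
    dyn_max=$(printf '%s\n' "$out" | awk '/dyn_max:/ {print $2}')
    dyn_count=$(printf '%s\n' "$out" | awk '/dyn_count:/ {print $2}')
    if [ -z "$dyn_max" ] || [ -z "$dyn_count" ] || [ "$dyn_max" -le 0 ]; then
        echo "could not parse dyn_max/dyn_count from sysctl output" >&2
        return 2
    fi
    pct=$(( dyn_count * 100 / dyn_max ))
    printf '%s/%s (%s%%)\n' "$dyn_count" "$dyn_max" "$pct"
    [ "$pct" -lt "$warn" ]
}

# Live use on the FreeBSD host (ipfw must be loaded):
#   check_dyn_headroom "$(sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count)" \
#       || echo "raise net.inet.ip.fw.dyn_max in /etc/sysctl.conf"
```

Run it from cron or a monitoring agent so the limit is raised on a schedule rather than discovered from dmesg after state installs have already been refused.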
