[ solved ]: Too many dynamic rules

Board: FB_current, posted 2013/04/27 12:33
>> Today I booted r242670 from the console and noticed an error. This
>> is one line from the end of dmesg:
>>
>> ipfw: ipfw_install_state: Too many dynamic rules
>>
>> The ruleset has always been dynamic and has no additional rules.
>> Search engines produced similar error messages, but no information
>> that seems to be the correct solution.
>>
>> I have a basically identical ruleset on fbsd91 and no error message.
>
> That means that the dynamic rules generated by the keep-state keyword hit
> the currently-configured limit. If you get hit with a lot of random traffic
> that matches a keep-state rule, you'll get that message. It's not the rules
> themselves that cause this, it's the traffic.
>

That makes sense. Recently I began to run an ntp server there.

> Run "sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count" and compare the
> two values. If count is near to dyn_max, you can simply raise dyn_max.
> It's a writeable sysctl. I set it to 65535 on my systems in
> /etc/sysctl.conf with no apparent ill effects.
>

This is just an internal server, so at first will try an increment:

net.inet.ip.fw.dyn_max=16384

Thank you,
Darrel

_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
Article ID (AID): #1HUrJ-eY (FB_current)
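
The dyn_count versus dyn_max comparison suggested in the reply, as an added example that is not part of the original thread: a shell function that reads the two sysctl values and reports how full the ipfw dynamic-rule table is. The function names, the 80% warning threshold, and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report ipfw dynamic-rule table usage from sysctl output.
# Expects "name: value" lines on stdin, as printed by
#   sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count
# WARN_PCT is a hypothetical threshold chosen for this example.
WARN_PCT=${WARN_PCT:-80}

# Constructed sample input (not taken from the thread), for offline testing.
sample_sysctl() {
    printf '%s\n' \
        'net.inet.ip.fw.dyn_max: 16384' \
        'net.inet.ip.fw.dyn_count: 120'
}

# Exit status: 0 = OK, 1 = WARNING, 2 = CRITICAL (table full), 3 = UNKNOWN.
dyn_usage() {
    awk -v warn="$WARN_PCT" '
        $1 == "net.inet.ip.fw.dyn_max:"   { max = $2;   have_max = 1 }
        $1 == "net.inet.ip.fw.dyn_count:" { count = $2; have_count = 1 }
        END {
            # Refuse to guess when either value is missing or not a number.
            if (!have_max || !have_count ||
                max !~ /^[0-9]+$/ || count !~ /^[0-9]+$/ || max + 0 == 0) {
                print "UNKNOWN: dyn_max/dyn_count not found in input"
                exit 3
            }
            pct = int(count * 100 / max)
            if (count + 0 >= max + 0) { status = "CRITICAL"; rc = 2 }
            else if (pct >= warn + 0) { status = "WARNING";  rc = 1 }
            else                      { status = "OK";       rc = 0 }
            printf "%s: %d/%d dynamic rules in use (%d%%)\n",
                   status, count, max, pct
            exit rc
        }'
}

# Usage on the firewall host:
#   sysctl net.inet.ip.fw.dyn_max net.inet.ip.fw.dyn_count | dyn_usage
# Offline, with the constructed sample:
#   sample_sysctl | dyn_usage
```

A sustained WARNING or CRITICAL result from a scheduled run shows which traffic pattern is filling the state table before dyn_max is raised, which matters for an exposed service such as the ntp server mentioned in the thread.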