Date: Tue, 27 Sep 2011 11:28:15 -0700
From: Chuck Swiger <cswiger@mac.com>
To: Rémy Sanchez <remy.sanchez@hyperthese.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Random freezes
Message-ID: <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com>
In-Reply-To: <201109271958.29919.remy.sanchez@hyperthese.net>
References: <201109271958.29919.remy.sanchez@hyperthese.net>

Hi--

On Sep 27, 2011, at 10:57 AM, Rémy Sanchez wrote:
> The only solution we have so far : we just reload the rules, and everything
> gets back to normal. Which is a bit unpleasant I must say...
>
> So, I've fallen short of ideas, does anyone see why some rules just block like
> that ? Maybe we should move to the in-kernel NAT ?

Sounds like you're running out of dynamic rule entries. Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max as needed. Also consider not using stateful rules for UDP traffic like DNS and NTP if at all possible...

Regards,
-- 
-Chuck
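
The check suggested in the reply above, as an added example that is not part of the original message: a small sh function that reads the two sysctls named there and reports how full the dynamic-rule table is. The function names, the 80% warning threshold and the sample values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report ipfw dynamic-rule table usage.
# Input on stdin: lines in `sysctl` output format ("name: value").

# dyn_usage [WARN_PCT]  (hypothetical helper; WARN_PCT defaults to 80)
# Prints "STATE count/max (pct%)".
# Returns 0 = OK, 1 = at or above WARN_PCT, 2 = table full, 3 = input incomplete.
dyn_usage() {
    warn_pct=${1:-80}
    awk -v warn="$warn_pct" '
        $1 == "net.inet.ip.fw.dyn_count:" { count = $2; have_c = 1 }
        $1 == "net.inet.ip.fw.dyn_max:"   { max = $2;   have_m = 1 }
        END {
            if (!have_c || !have_m || max <= 0) { print "UNKNOWN"; exit 3 }
            pct = int(count * 100 / max)
            if (count >= max)     { state = "FULL"; rc = 2 }
            else if (pct >= warn) { state = "WARN"; rc = 1 }
            else                  { state = "OK";   rc = 0 }
            printf "%s %d/%d (%d%%)\n", state, count, max, pct
            exit rc
        }'
}

# Constructed sample input (not values from the thread).
sample_sysctl() {
    printf '%s\n' \
        'net.inet.ip.fw.dyn_count: 3891' \
        'net.inet.ip.fw.dyn_max: 4096'
}

# On a FreeBSD host with ipfw loaded, read the live values;
# anywhere else, fall back to the constructed sample.
# "|| true" keeps a WARN/FULL status from aborting a caller running under set -e.
if sysctl -n net.inet.ip.fw.dyn_max >/dev/null 2>&1; then
    sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max | dyn_usage 80 || true
else
    sample_sysctl | dyn_usage 80 || true
fi
```

Run periodically, a WARN or FULL result shows the table filling before new stateful flows start being dropped, which is the point at which raising net.inet.ip.fw.dyn_max or removing state from the DNS and NTP rules becomes relevant.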