Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Sep 2011 11:28:15 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        =?iso-8859-1?Q?R=E9my_Sanchez?= <remy.sanchez@hyperthese.net>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Random freezes
Message-ID:  <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com>
In-Reply-To: <201109271958.29919.remy.sanchez@hyperthese.net>
References:  <201109271958.29919.remy.sanchez@hyperthese.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi--

On Sep 27, 2011, at 10:57 AM, R=E9my Sanchez wrote:
> The only solution we have so far : we just reload the rules, and =
everything=20
> gets back to normal. Which is a bit unpleasant I must say...
>=20
> So, I've fallen short of ideas, does anyone see why some rules just =
block like=20
> that ? Maybe we should move to the in-kernel NAT ?

Sounds like you're running out of dynamic rule entries.

Check net.inet.ip.fw.dyn_count sysctl and increase =
net.inet.ip.fw.dyn_max as needed.  Also consider not using stateful =
rules for UDP traffic like DNS and NTP if at all possible...

Regards,
--=20
-Chuck




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?F97D0858-A51D-4FA6-88EB-722389A25A4A>