Date: Thu, 29 Sep 2011 00:25:12 +0200 From: =?iso-8859-1?q?R=E9my_Sanchez?= <remy.sanchez@hyperthese.net> To: freebsd-ipfw@freebsd.org Subject: Re: Random freezes Message-ID: <201109290025.22202.remy.sanchez@hyperthese.net> In-Reply-To: <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com> References: <201109271958.29919.remy.sanchez@hyperthese.net> <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart4658668.LArootMMVP Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable On Tuesday 27 September 2011 20:28:15 Chuck Swiger wrote: > Sounds like you're running out of dynamic rule entries. >=20 > Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max > as needed. Also consider not using stateful rules for UDP traffic like > DNS and NTP if at all possible... Well, it could have been that, but unfortunately after 1 day of pushing the= =20 limit to 32768 (whereas we have in average 1500 states), it is still not=20 working. Maybe that we can go without DNS states, but I doubt that it solves the=20 problem. Any other suggestion ? =2D-=20 R=E9my Sanchez http://hyperthese.net/ --nextPart4658668.LArootMMVP Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAk6DnsgACgkQpMMQ4XyIN1YAPwCfS1Fh5ctULfUI8nG6BRu+5YGT nEUAoLEYrJMrKA0eG9mZ8JrGIHwg9jpe =O60i -----END PGP SIGNATURE----- --nextPart4658668.LArootMMVP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201109290025.22202.remy.sanchez>