Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 29 Sep 2011 00:25:12 +0200
From:      =?iso-8859-1?q?R=E9my_Sanchez?= <remy.sanchez@hyperthese.net>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: Random freezes
Message-ID:  <201109290025.22202.remy.sanchez@hyperthese.net>
In-Reply-To: <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com>
References:  <201109271958.29919.remy.sanchez@hyperthese.net> <F97D0858-A51D-4FA6-88EB-722389A25A4A@mac.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
--nextPart4658668.LArootMMVP
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

On Tuesday 27 September 2011 20:28:15 Chuck Swiger wrote:
> Sounds like you're running out of dynamic rule entries.
>=20
> Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max
> as needed.  Also consider not using stateful rules for UDP traffic like
> DNS and NTP if at all possible...

Well, it could have been that, but unfortunately after 1 day of pushing the=
=20
limit to 32768 (whereas we have in average 1500 states), it is still not=20
working.

Maybe that we can go without DNS states, but I doubt that it solves the=20
problem.

Any other suggestion ?

=2D-=20
R=E9my Sanchez
http://hyperthese.net/

--nextPart4658668.LArootMMVP
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEABECAAYFAk6DnsgACgkQpMMQ4XyIN1YAPwCfS1Fh5ctULfUI8nG6BRu+5YGT
nEUAoLEYrJMrKA0eG9mZ8JrGIHwg9jpe
=O60i
-----END PGP SIGNATURE-----

--nextPart4658668.LArootMMVP--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?201109290025.22202.remy.sanchez>