Date: Sat, 21 Oct 2000 12:09:28 -0700 (PDT) From: Rudy <rudy@monkeybrains.net> To: freebsd-net@FreeBSD.org Subject: '/kernel: Too many dynamic rules, sorry' Message-ID: <Pine.BSF.4.21.0010211151490.94231-100000@pizza.monkeybrains.net>
next in thread | raw e-mail | index | archive | help
I got '/kernel: Too many dynamic rules, sorry' for the first time. To got rid of keep-state on my port 80 and the problem went away. [1] Are other people using keep-state webservers? What are their sysctl values? I noticed the default hash size is '256'. The /etc/default/make.conf recommends a prime number for the 'top' hash table: # top(1) uses a hash table for the user names. The size of this hash # can be tuned to match the number of local users. The table size should # be a prime number approximately twice as large as the number of lines in # /etc/passwd. Also there are various articles recommending prime numbers for hashes on the web: http://pauillac.inria.fr/caml/man-caml/node15.8.html [2] Does primeness matter with net.inet.ip.fw.dyn_buckets? Wondering what to set the sysctl values to, I searched some more and found luigi's advice: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=285503+0+archive/2000/freebsd-net/20000220.freebsd-net I am running a server and saw this comment: 'Note, this behaviour is probably appropriate for a workstation.' [3] Should I not use keep-state on servers? [4] A nice feature would be the ability to extend timeouts within the ipfw ruleset for specific ports. For instance, I'd like to change the timeout for my ssh connections from 5 minutes to 60 minutes. Something like: allow tcp from any to any 22 keep-state ack-lifetime 3600 in recv fxp0 setup Rudy --------------------------------------------------- Join my ISP: http://www.monkeybrains.net/ --------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010211151490.94231-100000>