Date: Sat, 8 Jun 2002 02:37:15 +0000 From: hh <hh@dsgx.org> To: freebsd-questions@freebsd.org Subject: weird filter Message-ID: <20020608023715.69ffc69f.hh@dsgx.org>
next in thread | raw e-mail | index | archive | help
when i putted the option tcp_drop_synfin="YES" .. and on the kernel .. option TCP_DROP_SYNFIN plus an ipfw rule to limit src-addr .. i can't let the machine get busy .. like with a bunch of apache proccess .. let's say .. that way .. and i start getting Jun 8 02:10:04 some /kernel: OUCH! cannot remove rule, count 1 Jun 8 02:10:04 some /kernel: OUCH! cannot remove rule, count 1 Jun 8 02:10:05 some /kernel: OUCH! cannot remove rule, count 1 Jun 8 02:10:05 some /kernel: OUCH! cannot remove rule, count 2 Jun 8 02:10:05 some /kernel: OUCH! cannot remove rule, count 1 Jun 8 02:10:05 some /kernel: OUCH! cannot remove rule, count 2 Jun 8 02:10:05 some /kernel: OUCH! cannot remove rule, count 1 Jun 8 02:10:05 some /kernel: OUCH! cannot remove rule, count 2 bunch of them. . and after a while .. the load average goes to 100 , 120 .. and goes all the way down to 40 .. 50 .. until the apache proccess .. goes to 120 .. or something .. stops .again . and im sure is not flood, from somebody and the bsd is trying to let them in .. but the rules on kernel .. or ipfw .. are saying no .. or something .. does anybody has a clue how to stop .. this issue .. so i don't have some crazy load averages ? im running fbsd 4.5p4 thx To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020608023715.69ffc69f.hh>