Date: Sun, 4 Jan 2004 20:40:21 -0500 From: Leo Bicknell <bicknell@ufp.org> To: freebsd-hackers@freebsd.org Subject: Re: ipfw2 problem Message-ID: <20040105014021.GA10653@ussenterprise.ufp.org> In-Reply-To: <6.0.1.1.2.20040104165741.029d6940@202.179.0.80> References: <6.0.1.1.2.20040104165741.029d6940@202.179.0.80>
next in thread | previous in thread | raw e-mail | index | archive | help
--uAKRQypu60I7Lcqm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Sun, Jan 04, 2004 at 05:32:17PM +0800, Ganbold wrot=
e:
> me what will happen when net.inet.ip.fw.dyn_count reaches=20
> net.inet.ip.fw.dyn_max value?
As a random passing thought...
Anytime a new dynamic rule is denied due to reaching dyn_max, a new
counter, eg, "dropped_dyn_rules" should be incremented, so the user
can at least verify the limit is the problem.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
--uAKRQypu60I7Lcqm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE/+MCFNh6mMG5yMTYRApbuAJ98eJNMMR8yYX0dMm9A8WCBXO6fRQCeMrlI
YkxHTR4LjIRdvxF8S3Yst8I=
=A8vt
-----END PGP SIGNATURE-----
--uAKRQypu60I7Lcqm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040105014021.GA10653>