Date: Sun, 4 Jan 2004 20:40:21 -0500 From: Leo Bicknell <bicknell@ufp.org> To: freebsd-hackers@freebsd.org Subject: Re: ipfw2 problem Message-ID: <20040105014021.GA10653@ussenterprise.ufp.org> In-Reply-To: <6.0.1.1.2.20040104165741.029d6940@202.179.0.80> References: <6.0.1.1.2.20040104165741.029d6940@202.179.0.80>
next in thread | previous in thread | raw e-mail | index | archive | help
--uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In a message written on Sun, Jan 04, 2004 at 05:32:17PM +0800, Ganbold wrot= e: > me what will happen when net.inet.ip.fw.dyn_count reaches=20 > net.inet.ip.fw.dyn_max value? As a random passing thought... Anytime a new dynamic rule is denied due to reaching dyn_max, a new counter, eg, "dropped_dyn_rules" should be incremented, so the user can at least verify the limit is the problem. --=20 Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/+MCFNh6mMG5yMTYRApbuAJ98eJNMMR8yYX0dMm9A8WCBXO6fRQCeMrlI YkxHTR4LjIRdvxF8S3Yst8I= =A8vt -----END PGP SIGNATURE----- --uAKRQypu60I7Lcqm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040105014021.GA10653>