Date: Mon, 9 Jun 2003 16:06:34 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Olivier Nicole <on@cs.ait.ac.th>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Strange count of dynamic rules
Message-ID: <20030609160634.A92404@xorpc.icir.org>
In-Reply-To: <200305270132.IAA02341@banyan.cs.ait.ac.th>; from on@cs.ait.ac.th on Tue, May 27, 2003 at 08:32:10AM +0700
References: <200305270132.IAA02341@banyan.cs.ait.ac.th>

hi,

On Tue, May 27, 2003 at 08:32:10AM +0700, Olivier Nicole wrote:
>
> And I am puzzled with the number of dynamic rules that are installed.
>
> firewall<root>125: ipfw -d list | grep "<->" | wc
>     1849   20651  157940
>
> tells me that there are 1849 dynamic rules (both active and expired)

actually according to the docs, '-d' does not list expired
rules, so you might have a large number of the latter.
I am not sure on what type of dynamic rules you are using, so
it is hard to tell what is going wrong (if anything).

	cheers
	luigi

> but:
>
> firewall<root>127: sysctl net.inet.ip.fw.dyn_count
> net.inet.ip.fw.dyn_count: 15910
>
> tells me that there are 15910 dynamic rules.
>
> So where is the truth? Or is that something I misunderstand?
>
> Problem is that net.inet.ip.fw.dyn_count will never count down and
> reach the limit of 65535 very soon (couple of hours), and then nothing
> can get through.
>
> BTW, I am running FreeBSD 4.8 with IPFW2
>
> Best regards,
>
> Olivier
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"