Date:      Wed, 19 Sep 2001 00:05:34 -0400
From:      Anthony Schneider <aschneid@mail.slc.edu>
To:        "Marc G. Fournier" <scrappy@hub.org>
Cc:        freebsd-security@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject:   Re: ipfw problems ...
Message-ID:  <20010919000534.A83486@mail.slc.edu>
In-Reply-To: <20010918230726.M30377-100000@mail1.hub.org>; from scrappy@hub.org on Tue, Sep 18, 2001 at 11:14:50PM -0400
References:  <20010918134410.P87162-100000@atelier.acadiau.ca> <20010918230726.M30377-100000@mail1.hub.org>

It might have something to do with the prerelease nature of the machine.
-Anthony. 

On Tue, Sep 18, 2001 at 11:14:50PM -0400, Marc G. Fournier wrote:
> 
> I recently set up a box on our network, running FreeBSD 4.4-PRERELEASE,
> with ipfw and dummynet to do bandwidth shaping as well as firewalling ...
> 
> The machine is a Dual PIII 733 w/1gig of RAM and 2xfxp0 devices ...
> 
> I've got an /etc/fw.rules file that has ~1200 rules in it so far, and
> still have more that I want to put in, but today the machine locked up
> solid ...
> 
> I ended up re-starting the machine with fw set to open, and loaded a few
> rules at a time ... got up to 747 rules before the machine pretty much
> ground to a halt, with the occasional keystroke going through ...
> 
> ~900 or so of the rules are purely 'pass thru' rules ... we have two
> connections to the internet ... one that costs us nothing, and one that
> costs us quite dearly ... we want to allow all traffic that goes to sites
> on the 'costs us nothing' network to go through unimpeded, while that
> which goes through the 'costs us quite dearly' to be 'shaped' ... the ~900
> rules are the ones that define those b-class networks that are on the
> 'costs us nothing' network ...
> 
> I'm not seeing any errors on the console to indicate a problem, it just
> slowly grinds to a halt ... is there a setting in the kernel, or
> somewhere, that I should be setting to allow for such a high number of
> rules, or is it just not possible to do more than a few hundred? :(
> 
> Thanks
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
