Random freezes
Chuck Swiger
cswiger at mac.com
Tue Sep 27 19:28:34 UTC 2011
Hi--
On Sep 27, 2011, at 10:57 AM, Rémy Sanchez wrote:
> The only solution we have so far: we just reload the rules, and everything
> gets back to normal. Which is a bit unpleasant I must say...
>
> So, I've fallen short of ideas, does anyone see why some rules just block like
> that? Maybe we should move to the in-kernel NAT?
Sounds like you're running out of dynamic rule entries.
Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max as needed. Also consider not using stateful rules for UDP traffic like DNS and NTP if at all possible...
Regards,
--
-Chuck
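
A way to watch for the exhaustion described in the reply above, as an added example that is not part of the original message: it compares net.inet.ip.fw.dyn_count with net.inet.ip.fw.dyn_max and reports before the table fills. The function names, the 80% warning threshold, the --live switch and the syslog tag are assumptions made for this example.

```sh
#!/bin/sh
# Added example: ipfw dynamic-rule table usage check (FreeBSD, ipfw loaded).
# The 80% default threshold is an assumption, not a value from the thread.

# is_uint VALUE -> succeeds only for a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# dyn_usage_pct COUNT MAX -> prints the integer percentage of the table in use.
dyn_usage_pct() {
    is_uint "$1" && is_uint "$2" && [ "$2" -gt 0 ] || return 2
    echo $(( $1 * 100 / $2 ))
}

# dyn_status COUNT MAX [WARN_PCT] -> prints ok | warn | full | error
dyn_status() {
    pct=$(dyn_usage_pct "$1" "$2") || { echo "error"; return 2; }
    warn=${3:-80}
    if [ "$1" -ge "$2" ]; then echo "full"      # new stateful flows get no entry
    elif [ "$pct" -ge "$warn" ]; then echo "warn"
    else echo "ok"
    fi
}

# check_live [WARN_PCT]: read the two sysctls named in the reply and log the result.
check_live() {
    count=$(sysctl -n net.inet.ip.fw.dyn_count) || return 2
    max=$(sysctl -n net.inet.ip.fw.dyn_max) || return 2
    status=$(dyn_status "$count" "$max" "${1:-80}")
    echo "ipfw dynamic rules: $count/$max ($status)"
    case "$status" in
        ok)   return 0 ;;
        warn) logger -t ipfw-dyn -p security.warning "dyn rules at $count/$max"
              return 1 ;;
        *)    logger -t ipfw-dyn -p security.err "dyn rule table exhausted: $count/$max"
              return 2 ;;
    esac
}

# Touch the live system only when asked, e.g. from cron: sh ipfw-dyn-check.sh --live 80
if [ "${1:-}" = "--live" ]; then
    check_live "${2:-80}"
fi
```

A "warn" or "full" result that coincides with the freezes points at the dynamic rule limit rather than at the rule set itself.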