Random freezes
Rémy Sanchez
remy.sanchez at hyperthese.net
Wed Sep 28 22:25:54 UTC 2011
On Tuesday 27 September 2011 20:28:15 Chuck Swiger wrote:
> Sounds like you're running out of dynamic rule entries.
>
> Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max
> as needed. Also consider not using stateful rules for UDP traffic like
> DNS and NTP if at all possible...
Well, it could have been that, but unfortunately after 1 day of pushing the
limit to 32768 (whereas we have in average 1500 states), it is still not
working.
Maybe that we can go without DNS states, but I doubt that it solves the
problem.
Any other suggestion ?
--
Rémy Sanchez
http://hyperthese.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20110928/38b1c5a0/attachment.pgp
More information about the freebsd-ipfw
mailing list