On Tuesday 27 September 2011 20:28:15 Chuck Swiger wrote:
> Sounds like you're running out of dynamic rule entries.
>
> Check net.inet.ip.fw.dyn_count sysctl and increase net.inet.ip.fw.dyn_max
> as needed. Also consider not using stateful rules for UDP traffic like
> DNS and NTP if at all possible...

Well, it could have been that, but unfortunately after 1 day of pushing the limit to 32768 (whereas we have on average 1500 states), it is still not working. Maybe we can go without DNS states, but I doubt that it solves the problem. Any other suggestion?

--
Rémy Sanchez
http://hyperthese.net/
