On Wed, 21 Jan 2004, Adam Seniuk wrote:

> I keep getting /kernel: Too many dynamic rules, sorry in my log file
> several times and I am not sure what's going on. I have read some articles
> but they are all in 2000 and for FreeBSD 4.0.

from the ipfw(4) man page:

net.inet.ip.fw.dyn_max: 8192
             Maximum number of dynamic rules.  When you hit this limit, no
             more dynamic rules can be installed until old ones expire.

seems like you're hitting this limit with too many keep-state rules in
your ipfw ruleset. try trimming them down a little, by adding in specific
reverse packet flow rules.

for eg,

# allow dns queries out to the world
allow udp from me to any 53 keep-state out

could be split to

# allow dns queries out to the world
allow udp from me to any 53 out
# allow incoming dns responses
allow udp from any 53 to me in

Regards,                           /\_/\   "All dogs go to heaven."
[EMAIL PROTECTED]                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+
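
To see which keep-state rule is filling the dynamic-rule table before trimming the ruleset as the reply suggests, the sketch below counts dynamic entries per parent rule and reports table usage. It is an added example, not part of the original mail; the function names and the sample listing (including its exact line layout) are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise ipfw dynamic-rule usage per parent rule.
# On a live FreeBSD host, feed it real data instead of the sample:
#   ipfw -d show | dyn_by_rule
#   dyn_usage "$(sysctl -n net.inet.ip.fw.dyn_count)" \
#             "$(sysctl -n net.inet.ip.fw.dyn_max)"

# Count dynamic entries per parent rule number, busiest rule first.
# Assumption: dynamic entries follow a line starting "## Dynamic rules"
# and each begins with the number of the keep-state rule that created it.
dyn_by_rule() {
    awk '
        /^## Dynamic rules/ { dyn = 1; next }
        dyn && $1 ~ /^[0-9]+$/ { n[$1]++ }
        END { for (r in n) printf "%s %d\n", r, n[r] }
    ' | sort -k2,2nr -k1,1
}

# Percentage of the dynamic-rule table in use (integer, rounded down).
dyn_usage() {
    count=$1 max=$2
    [ "$max" -gt 0 ] || { echo "dyn_max must be > 0" >&2; return 1; }
    echo $(( count * 100 / max ))
}

# Constructed sample of `ipfw -d show` output (not from a real host).
sample_output() {
    cat <<'EOF'
00100   120   9600 allow ip from any to any via lo0
00500  4100 310000 allow udp from me to any dst-port 53 out keep-state
00600   900 720000 allow tcp from me to any dst-port 80 out setup keep-state
## Dynamic rules (4):
00500 2 152 (3s) STATE udp 192.0.2.10 49152 <-> 198.51.100.1 53
00500 2 160 (4s) STATE udp 192.0.2.10 49153 <-> 198.51.100.2 53
00600 18 9000 (290s) STATE tcp 192.0.2.10 50000 <-> 203.0.113.5 80
00500 2 148 (1s) STATE udp 192.0.2.10 49154 <-> 198.51.100.1 53
EOF
}

sample_output | dyn_by_rule   # per-rule counts for the constructed sample
dyn_usage 7900 8192           # constructed count against the quoted dyn_max
```

When deciding which of the busiest rules to convert, keep in mind that a stateless reply rule such as the one shown above accepts any UDP packet whose source port is 53, not only answers to queries the host actually sent.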
