Dinesh Nair wrote: > seems like you're hitting this limit with too many keep-state rules in > your ipfw ruleset. try trimming them down a little, by adding in > specific reverse packet flow rules. >
It does not take many at all to hit the limit. This is what I used to use [in /etc/sysctl.conf] on a webserver with great success: # increase the number of dynamic firewall rules allowed net.inet.ip.fw.dyn_max=3000 Tom Veldhouse _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
