Strange count of dynamic rules
Luigi Rizzo
rizzo at icir.org
Mon Jun 9 16:06:56 PDT 2003
hi,
On Tue, May 27, 2003 at 08:32:10AM +0700, Olivier Nicole wrote:
>
> And I am puzzled with the number of dynamic rules that are installed.
>
> firewall<root>125: ipfw -d list | grep "<->" | wc
> 1849 20651 157940
>
> tells me that there are 1849 dynamic rules (both active and expired)
actually according to the docs, '-d' does not list expired
rules, so you might have a large number of the latter.
I am not sure on what type of dynamic rules you are using,
so it is hard to tell what is going wrong (if anything).
cheers
luigi
> but:
>
> firewall<root>127: sysctl net.inet.ip.fw.dyn_count
> net.inet.ip.fw.dyn_count: 15910
>
> tells me that there are 15910 dynamic rules.
>
> So where is the truth? Or is that something I misunderstand?
>
> Problem is that net.inet.ip.fw.dyn_count will never count down and
> reach the limit of 65535 very soon (couple of hours), and then nothing
> can get through.
>
> BTW, I am running FreeBSD 4.8 with IPFW2
>
> Best regards,
>
> Olivier
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
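An added example (not from Luigi's or Olivier's mail) that reconciles the two numbers in the thread: `ipfw -d list` omits expired entries, so the `<->` count must come from `ipfw -d -e list` before it can be compared with net.inet.ip.fw.dyn_count. The sample listing is constructed, and the assumption that expired entries print a remaining lifetime of `(0s)` is mine; the functions are hypothetical helpers, not part of ipfw.

```shell
#!/bin/sh
# CONSTRUCTED sample in the shape of ipfw2 dynamic-rule lines on FreeBSD 4.8:
#   rulenum pkts bytes (lifetime) TYPE proto src sport <-> dst dport
# Assumption: an expired entry shows "(0s)" as its remaining lifetime.
SAMPLE_LISTING='00100 12 1840 (299s) STATE tcp 10.0.0.5 1234 <-> 192.0.2.10 80
00100 3 200 (0s) STATE tcp 10.0.0.5 1235 <-> 192.0.2.10 80
00100 0 0 (0s) STATE udp 10.0.0.6 53 <-> 192.0.2.53 53
00200 1 60 (20s) PARENT 1 tcp 10.0.0.7 0 <-> 0.0.0.0 0
00200 8 900 (30s) LIMIT tcp 10.0.0.7 4000 <-> 192.0.2.20 22'

# count_dyn_rules MODE   (MODE = all | active | expired)
# Reads an "ipfw -d -e list" listing on stdin and counts the dynamic
# entries (the lines carrying "<->"), split on the "(0s)" lifetime field.
count_dyn_rules() {
    grep '<->' | awk -v mode="$1" '
        { expired = ($4 == "(0s)") }
        mode == "all"                 { n++ }
        mode == "active"  && !expired { n++ }
        mode == "expired" &&  expired { n++ }
        END { print n + 0 }'
}

# reconcile DYN_COUNT
# Compares the sysctl value with the full (-d -e) listing on stdin.
# Prints "ok" when every counted entry is visible in the listing, i.e. the
# gap Olivier saw was only expired entries that plain "-d" hides.
reconcile() {
    total=$(count_dyn_rules all)
    if [ "$total" -eq "$1" ]; then
        echo ok
    else
        echo "mismatch: listing=$total sysctl=$1"
    fi
}

# Live use on the firewall itself:
#   ipfw -d -e list | count_dyn_rules expired
#   ipfw -d -e list | reconcile "$(sysctl -n net.inet.ip.fw.dyn_count)"
```

A large expired count that never drains is what to watch: once dyn_count reaches net.inet.ip.fw.dyn_max, new stateful sessions are refused.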