Strange count of dynamic rules
Olivier Nicole
on at cs.ait.ac.th
Mon May 26 18:30:45 PDT 2003
Hi,
I am trying to install a standalone firewall between my LAN and my
router to the outside world.
And I am puzzled with the number of dynamic rules that are installed.
firewall<root>125: ipfw -d list | grep "<->" | wc
1849 20651 157940
tells me that there are 1849 dynamic rules (both active and expired)
but:
firewall<root>127: sysctl net.inet.ip.fw.dyn_count
net.inet.ip.fw.dyn_count: 15910
tells me that there are 15910 dynamic rules.
So where is the truth? Or is that something I misunderstand?
Problem is that net.inet.ip.fw.dyn_count will never count down and
will reach the limit of 65535 very soon (a couple of hours), and then nothing
can get through.
BTW, I am running FreeBSD 4.8 with IPFW2
Best regards,
Olivier
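As an added example (not part of Olivier's post, and not ipfw's own code): the pipeline `ipfw -d list | grep "<->" | wc` counts every dynamic entry line, active or expired, in one number. The script below parses the same listing and breaks that number down by entry kind (STATE, LIMIT, PARENT), by parent rule and by expired-versus-live, then compares the listed total with a value read from `sysctl net.inet.ip.fw.dyn_count` against the 65535 ceiling named in the post, flagging when the table is close to full. The dynamic-line layout (rule number, packets, bytes, lifetime in parentheses, kind, then the flow) is assumed here to match FreeBSD 4.8 ipfw2, and the listing is a constructed sample, so on a real box you would feed it the actual `ipfw -d list` output and the actual sysctl value.

```python
import re
from collections import Counter

# Constructed sample of `ipfw -d list` output. The dynamic-entry layout is
# an assumption about the FreeBSD 4.8 ipfw2 format, not copied from the post.
SAMPLE_LISTING = """\
00100 allow ip from any to any via lo0
00300 check-state
00400 allow tcp from 192.168.1.0/24 to any keep-state
65535 deny ip from any to any
## Dynamic rules (4):
00400         12       4533 (300s) STATE tcp 192.168.1.5 4421 <-> 10.0.0.1 80
00400          3        180 (0s) STATE tcp 192.168.1.7 5510 <-> 10.0.0.2 443
00400          0          0 (0s) PARENT 2 192.168.1.9 0 <-> 0.0.0.0 0
00400          1         60 (20s) LIMIT udp 192.168.1.9 53000 <-> 10.0.0.3 53
"""

# One dynamic entry: rule, packet count, byte count, "(Ns)" lifetime, kind.
DYN_LINE = re.compile(
    r"^(?P<rule>\d{5})\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+"
    r"\((?P<ttl>\d+)s\)\s+(?P<kind>STATE|LIMIT|PARENT)\b"
)


def parse_dynamic(listing):
    """Return one dict per dynamic entry found in an `ipfw -d list` dump.

    Static rule lines and the "## Dynamic rules" header do not match the
    pattern and are skipped.
    """
    entries = []
    for line in listing.splitlines():
        m = DYN_LINE.match(line)
        if m:
            entries.append({
                "rule": int(m.group("rule")),
                "pkts": int(m.group("pkts")),
                "bytes": int(m.group("bytes")),
                "ttl": int(m.group("ttl")),
                "kind": m.group("kind"),
            })
    return entries


def summarize(listing):
    """Count listed dynamic entries by kind, by parent rule, and expired (0s)."""
    entries = parse_dynamic(listing)
    return {
        "total": len(entries),
        "by_kind": dict(Counter(e["kind"] for e in entries)),
        "by_parent_rule": dict(Counter(e["rule"] for e in entries)),
        "expired": sum(1 for e in entries if e["ttl"] == 0),
    }


def check_state_table(listing, dyn_count, dyn_max=65535, warn_at=0.8):
    """Compare the userland listing with the kernel's dyn_count counter.

    dyn_count is the value read from `sysctl net.inet.ip.fw.dyn_count`;
    dyn_max is the table ceiling (65535 in the post). Reports how full the
    table is, whether the two counts disagree, and whether usage has crossed
    the warning fraction, which is the condition to alert on before new
    connections start being refused.
    """
    listed = summarize(listing)["total"]
    usage = dyn_count / float(dyn_max)
    return {
        "listed": listed,
        "kernel": dyn_count,
        "mismatch": listed != dyn_count,
        "usage": round(usage, 3),
        "warn": usage >= warn_at,
    }


if __name__ == "__main__":
    # With the real listing: check_state_table(open(path).read(), dyn_count)
    print(summarize(SAMPLE_LISTING))
    print(check_state_table(SAMPLE_LISTING, dyn_count=15910))
```

Running it against the constructed listing with the post's dyn_count of 15910 reports four listed entries (two of them already expired), a kernel count of 15910, a mismatch, and about 24% table usage; the same check with a dyn_count near 60000 raises the warning, which is the point at which to look at the table before it fills and traffic stops.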