dyn buckets
Luigi Rizzo
rizzo at icir.org
Sat Sep 11 06:24:13 PDT 2004
On Fri, Sep 10, 2004 at 03:51:48PM -0400, Don Bowman wrote:
> From: owner-freebsd-net at freebsd.org
> > I have a firewall running 4.10 that handles around
> > 20mbits/sec of traffic
> > and has around 500 ipfw rules.
> >
> > Lately I've noticed that net.inet.ip.fw.curr_dyn_buckets
> > seems to be maxing
> > out. I've increased net.inet.ip.fw.dyn_buckets a few times,
what hits the limit is the number of rules not the number
of buckets -- try raising net.inet.ip.fw.dyn_max as
suggested.
cheers
luigi
> > but they seem
> > to max out each time.
> >
> > Is there any problem with increasing
> > net.inet.ip.fw.dyn_buckets far beyond
> > the default? (I'm at 2048 now)
>
> I use
> net.inet.ip.fw.dyn_buckets=16384
> net.inet.ip.fw.dyn_syn_lifetime=5
> net.inet.ip.fw.dyn_max=32000
>
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list