Too many dynamic rules, sorry

Norm Vilmer norm at etherealconsulting.com
Thu Sep 16 21:57:05 PDT 2004


If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message "Too many dynamic rules, sorry". Doing a sysctl -a
|grep ip.fw I can see that net.inet.ip.fw.dyn_count has reached the
max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set
to 300, so the dynamic rule count starts going down about 5 minutes
after the simulated attack.

Questions:

When this happens, is my firewall still fully operational? In other
words, can I safely ignore this message?

Is there a way to fix this?
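A small monitoring check, added here as an example and not part of the original post: it parses the output of `sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max` and flags the dynamic-rule table before it reaches the ceiling that produces this message. The 80% warning threshold and the sample sysctl values are assumptions; on FreeBSD you would pipe the real sysctl output in instead.

```shell
#!/bin/sh
# Added example (not from the original post): report ipfw dynamic-rule
# table utilisation from sysctl output and warn before the table fills.
# On FreeBSD the input would come from:
#   sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max
# Here it is passed as a string so the check runs anywhere.

# Warn when the dynamic table is this full (percent); assumed threshold.
IPFW_DYN_WARN_PCT=80

# ipfw_dyn_check "<sysctl output>" -> prints "OK|WARN|FULL <count>/<max> (<pct>%)"
# and exits non-zero if either value is missing from the input.
ipfw_dyn_check() {
    printf '%s\n' "$1" | awk -v warn="$IPFW_DYN_WARN_PCT" '
        $1 == "net.inet.ip.fw.dyn_count:" { count = $2 }
        $1 == "net.inet.ip.fw.dyn_max:"   { max = $2 }
        END {
            if (count == "" || max == "" || max == 0) {
                print "ERROR missing dyn_count or dyn_max"
                exit 1
            }
            pct = int(count * 100 / max)
            state = "OK"
            if (count >= max) state = "FULL"
            else if (pct >= warn) state = "WARN"
            printf "%s %d/%d (%d%%)\n", state, count, max, pct
        }'
}

# Constructed sample mirroring the post: table at the 8192 ceiling,
# which is when ipfw starts logging "Too many dynamic rules, sorry".
SAMPLE_FULL='net.inet.ip.fw.dyn_count: 8192
net.inet.ip.fw.dyn_max: 8192'

# Constructed sample of a healthy table after expired entries were reaped.
SAMPLE_OK='net.inet.ip.fw.dyn_count: 412
net.inet.ip.fw.dyn_max: 8192'

ipfw_dyn_check "$SAMPLE_FULL"
ipfw_dyn_check "$SAMPLE_OK"
```

Run it from cron against the live sysctl output and alert on WARN or FULL; a sustained FULL state means new stateful connections will be refused until entries age out.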


