ipfw problems?
Oleg Bulyzhin
oleg at freebsd.org
Tue Apr 25 22:29:24 UTC 2006
On Tue, Apr 25, 2006 at 02:34:03PM +0200, Ivan Voras wrote:
>
> I forgot to add, here is the ipfw ruleset:
>
> 00500 691658783 639225488899 allow ip from any to any via lo0
> 01000 99014 6833994 allow icmp from any to any
> 05000 160430605 76502643136 allow tcp from me to any setup keep-state
> 05100 1002529 109535100 allow udp from me to any keep-state
> 05500 6900233 3554390307 allow tcp from X.X.X.107 to me setup keep-state
> 05505 0 0 allow udp from X.X.X.107 to me keep-state
> 06022 258788 52462014 allow tcp from X.X.X.0/24 to me dst-port 22
> setup keep-state
> 06080 300599299 153827836772 allow tcp from any to me dst-port 80 setup
> keep-state
> 06443 9801709 3876114253 allow tcp from any to me dst-port 443 setup
> keep-state
> 65400 2381270 592034925 deny log ip from any to any
> 65535 0 0 deny ip from any to any
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
Next time this happen check following sysctls:
net.inet.ip.fw.dyn_max
net.inet.ip.fw.dyn_count
I guess you've hit the limit.
--
Oleg.
More information about the freebsd-stable
mailing list