IPFW and Dynamic Rules
Thomas T. Veldhouse
veldy at veldy.net
Wed Jan 21 12:19:46 PST 2004
Dinesh Nair wrote:
> seems like you're hitting this limit with too many keep-state rules in
> your ipfw ruleset. try trimming them down a little, by adding in
> specific reverse packet flow rules.
>
It does not take many at all to hit the limit. This is what I used to use
[in /etc/sysctl.conf] on a webserver with great success:

# increase the number of dynamic firewall rules allowed
net.inet.ip.fw.dyn_max=3000

Tom Veldhouse