ipfw: Too many dynamic rules
Gareth de Vaux
bsd at lordcow.org
Wed Sep 15 14:24:28 UTC 2010
On Tue 2010-09-14 (13:54), Gareth de Vaux wrote:
> On Tue 2010-09-14 (04:30), Jeremy Chadwick wrote:
> > Regarding net.inet.tcp.finwait2_timeout=15000 -- you don't see any
> > improvement at all? That's a bit strange. There's probably something
> If there was an improvement it was subtle (I was doing sporadic
> measurements), just that in the end my firewall was getting overloaded
> either way.
Yeah looks like a bit of an improvement but I also wasn't controlling for
end user usage so can't say for sure without rerunning.
Setting net.inet.tcp.fast_finwait2_recycle=1 though seems to have done the
trick, thanx. This is now typical:
$ netstat -n | grep -c FIN_WAIT_2
and my server still seems to be serving.
More information about the freebsd-stable