ipfw: install_state: Too many dynamic rules

Trying to keep a server alive under a huge DDoS. After some time, the following message appeared:
ipfw: install_state: Too many dynamic rules

The problem was solved after I changed the following sysctl value:

net.inet.ip.fw.dyn_max


For me, the optimal value is 16384.
The current number of dynamic rules can be found in the following counter:

net.inet.ip.fw.dyn_count
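
One way to watch these two counters and get a warning before the dynamic-rule table fills, as an added example that is not part of the original post. The function names and the 80% warning threshold are assumptions, and the sample numbers are constructed.

```sh
#!/bin/sh
# Added example: compare net.inet.ip.fw.dyn_count against
# net.inet.ip.fw.dyn_max and report how full the table is.
# Function names and the default threshold are assumptions.

# is_uint VALUE -> succeeds only for a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# dyn_usage_pct COUNT MAX -> prints the integer percentage in use.
dyn_usage_pct() {
    is_uint "$1" && is_uint "$2" || return 2
    [ "$2" -gt 0 ] || return 2
    echo $(( $1 * 100 / $2 ))
}

# dyn_status COUNT MAX [WARN_PCT] -> prints a status line.
# Exit code: 0 OK, 1 WARN, 2 FULL, 3 UNKNOWN (bad input).
dyn_status() {
    warn=${3:-80}
    pct=$(dyn_usage_pct "$1" "$2") || { echo "UNKNOWN"; return 3; }
    if [ "$1" -ge "$2" ]; then
        # At this point ipfw logs "Too many dynamic rules".
        echo "FULL ${pct}% ($1/$2)"; return 2
    elif [ "$pct" -ge "$warn" ]; then
        echo "WARN ${pct}% ($1/$2)"; return 1
    fi
    echo "OK ${pct}% ($1/$2)"
}

# check_live [WARN_PCT] -> reads the real counters (FreeBSD with ipfw loaded).
check_live() {
    count=$(sysctl -n net.inet.ip.fw.dyn_count 2>/dev/null) || return 3
    max=$(sysctl -n net.inet.ip.fw.dyn_max 2>/dev/null) || return 3
    dyn_status "$count" "$max" "${1:-80}"
}

# Constructed sample values, so the script prints something on any host.
dyn_status 15900 16384 || true
# Live check only where the sysctls exist.
if [ "$(uname -s)" = "FreeBSD" ]; then check_live || true; fi
```

Run from cron or a monitoring agent, the non-zero exit codes can drive an alert while there is still headroom.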

Also, under DDoS, it is a good idea to enable full stealth mode for TCP and UDP:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
