ipfw: Too many dynamic rules
Quite often I will see the following message:
ipfw: install_state: Too many dynamic rules
I use a lot of dynamic UDP rules and these messages are quite common on my heavily utilized DNS servers. To solve this problem, I added the following sysctl line to /etc/sysctl.conf. You will have to see what the best value is for you. For me it turned out to be 16384.
net.inet.ip.fw.dyn_max=16384
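One way to find a suitable value is to compare the number of dynamic rules in use against the limit while the server is under peak load. The script below is an added example, not part of the original post: it reads the ipfw sysctls `net.inet.ip.fw.dyn_count` and `net.inet.ip.fw.dyn_max`, and the 80% headroom threshold, the doubling policy and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: size net.inet.ip.fw.dyn_max from observed usage.
# The 80% threshold and the doubling policy are assumptions, not ipfw defaults.

# usage_pct COUNT MAX -> integer percentage of the dynamic-rule table in use
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# suggest_max PEAK CURRENT_MAX -> CURRENT_MAX doubled until PEAK sits below 80%
suggest_max() {
    peak=$1
    max=$2
    while [ $(( peak * 100 / max )) -ge 80 ]; do
        max=$(( max * 2 ))
    done
    echo "$max"
}

# count_drops FILE -> how many times the overflow message appears in a log file
count_drops() {
    grep -c 'ipfw: install_state: Too many dynamic rules' "$1" || true
}

# Live check: only runs where the ipfw sysctls exist (FreeBSD with ipfw loaded).
# dyn_count is an instantaneous value, so sample it during peak traffic.
if count=$(sysctl -n net.inet.ip.fw.dyn_count 2>/dev/null) &&
   max=$(sysctl -n net.inet.ip.fw.dyn_max 2>/dev/null); then
    echo "dynamic rules in use: $count of $max ($(usage_pct "$count" "$max")%)"
    echo "suggested dyn_max:    $(suggest_max "$count" "$max")"
fi
```

If the suggested value keeps climbing, check whether the dynamic rules are broader than they need to be before raising the limit again, since every state entry consumes kernel memory.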
- Published: 02 January 2009