
ipfw: Too many dynamic rules

Quite often I will see the following message:

ipfw: install_state: Too many dynamic rules

I use a lot of dynamic UDP rules and these messages are quite common on my heavily utilized DNS servers. To solve this problem, I added the following sysctl line to /etc/sysctl.conf. You will have to see what the best value is for you. For me it turned out to be 16384.

net.inet.ip.fw.dyn_max=16384
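
One way to judge what value fits a given server, as an added example that is not part of the original post: count how often the message appears in the logs and compare the live dynamic-rule count with the limit. The function names, the 80% warning threshold and the sample log lines are assumptions made for illustration; the script also assumes the read-only sysctl net.inet.ip.fw.dyn_count is available alongside dyn_max.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for sizing
# net.inet.ip.fw.dyn_max on a FreeBSD host running ipfw.

# count_state_drops: read syslog text on stdin and print how many times the
# kernel refused to create a dynamic rule because the table was full.
count_state_drops() {
    grep -c 'ipfw: install_state: Too many dynamic rules' || true
}

# dyn_headroom COUNT MAX [WARN_PCT]
# Prints "<state> <percent used> <suggested dyn_max>"; state is ok, warn
# or full. The suggestion doubles MAX until usage falls below WARN_PCT.
dyn_headroom() {
    h_count=$1 h_max=$2 h_warn=${3:-80}
    if ! { [ "$h_max" -gt 0 ] && [ "$h_warn" -gt 0 ]; } 2>/dev/null; then
        echo "invalid"; return 2
    fi
    h_pct=$(( h_count * 100 / h_max ))
    h_suggest=$h_max
    while [ $(( h_count * 100 / h_suggest )) -ge "$h_warn" ]; do
        h_suggest=$(( h_suggest * 2 ))
    done
    if [ "$h_count" -ge "$h_max" ]; then h_state=full
    elif [ "$h_pct" -ge "$h_warn" ]; then h_state=warn
    else h_state=ok
    fi
    echo "$h_state $h_pct $h_suggest"
}

# Constructed sample log lines (hostname, timestamps and the middle
# message are made up for this example).
SAMPLE_LOG='Mar  3 10:15:01 ns1 kernel: ipfw: install_state: Too many dynamic rules
Mar  3 10:15:02 ns1 cron[812]: sample unrelated line
Mar  3 10:15:07 ns1 kernel: ipfw: install_state: Too many dynamic rules'

# On a live FreeBSD host, report real usage; elsewhere this is skipped.
if cur=$(sysctl -n net.inet.ip.fw.dyn_count 2>/dev/null) &&
   lim=$(sysctl -n net.inet.ip.fw.dyn_max 2>/dev/null); then
    echo "live: $(dyn_headroom "$cur" "$lim")"
fi
```

Sampling the live figures during peak query load gives a more useful reading than a single check at a quiet time.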
