I recently set up a box on our network, running FreeBSD 4.4-PRERELEASE,
with ipfw and dummynet to do bandwidth shaping as well as firewalling ...

The machine is a Dual PIII 733 w/1gig of RAM and 2xfxp0 devices ...

I've got an /etc/fw.rules file that has ~1200 rules in it so far, and
still have more that I want to put in, but today the machine locked up
solid ...

I ended up re-starting the machine with fw set to open, and loaded a few
rules at a time ... got up to 747 rules before the machine pretty much
ground to a halt, with the occasional keystroke going through ...

~900 or so of the rules are purely 'pass thru' rules ... we have two
connections to the internet ... one that costs us nothing, and one that
costs us quite dearly ... we want to allow all traffic that goes to sites
on the 'costs us nothing' network to go through unimpeded, while that
which goes through the 'costs us quite dearly' to be 'shaped' ... the ~900
rules are the ones that define those b-class networks that are on the
'costs us nothing' network ...

I'm not seeing any errors on the console to indicate a problem, it just
slowly grinds to a halt ... is there a setting in the kernel, or
somewhere, that I should be setting to allow for such a high number of
rules, or is it just not possible to do more than a few hundred? :(

Thanks


