----- Original Message -----
From: "Josh Paetzel" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2003 2:54 AM
Subject: Re: Ipfw on the fritz?

> On Thu, Sep 18, 2003 at 12:21:58AM +0000, Mark wrote:
>
> > Eek, I just got these eery messages in /var/log/messages:
> >
> > Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> > Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> > Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
> > Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
> > Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> > Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> >
> > That does not look good. :( I run FreeBSD 4.7R. Today I added a few
> > rules using "limit src-addr". Could that be it? And what does it mean?
> > Are some rules broken after this? I never had this happen before. Why
> > would ipfw even want to remove rules?
> >
> > Baffled & Concerned,
> >
> > - Mark
>
> The following thread may be of interest to you:
>
> http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-June/000215.html

Thank you for the thread. But a bad situation just got worse; all of a
sudden I got these too:

Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries
Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries

Too many entries? I have "net.inet.ip.fw.dyn_max" set to 1000. And there
are certainly not a 1000+ dynamic rules. Well, thinking out loud, there
would be if "OUCH! cannot remove rule". :(

Is there an ipfw patch somewhere, so I can rebuild the kernel? I do not
wish to perform a cvsup, as that tends to make the system unstable. But if
I can compile a new kernel on a Vmware box, and then copy over /kernel to
the real server, well, that I dare give a try.

Thanks,

- Mark

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"