kernel: ipfw: install_state: Too many dynamic rules

Okay, this sucks. I am running FreeBSD 7 on a few servers, and I get a load of DDoS every day. At some point, the server would stop accepting connections, but the already established connections would work just fine.

If you have to get rid of that message and restore service availability, then have fun with /etc/sysctl.conf, where you set: net.inet.ip.fw.dyn_max=16384.

Now – that value may not be the same for everybody, but you can keep tweaking until you reach the sweet spot.

Apply the change to the running system with: sysctl -w net.inet.ip.fw.dyn_max=16384 on FreeBSD 7
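
To find that sweet spot without waiting for the kernel message, compare the live counter net.inet.ip.fw.dyn_count against net.inet.ip.fw.dyn_max. The script below is an added example, not part of the original post; the function name check_dyn_usage and the 80%/95% thresholds are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: report how close ipfw is to its dynamic-rule limit.
# Thresholds are assumptions; tune them to your traffic.
WARN_PCT=80
CRIT_PCT=95

# Reads "name: value" lines (the format sysctl prints) on stdin.
# Prints "STATUS count/limit pct%".
# Exit status: 0=OK, 1=WARN, 2=CRIT, 3=counters missing or unparseable.
check_dyn_usage() {
    awk -v warn="$WARN_PCT" -v crit="$CRIT_PCT" '
        $1 == "net.inet.ip.fw.dyn_count:" { cur = $2; have_cur = 1 }
        $1 == "net.inet.ip.fw.dyn_max:"   { lim = $2; have_lim = 1 }
        END {
            # Refuse to divide by a missing or zero limit.
            if (!have_cur || !have_lim || lim + 0 <= 0) {
                print "UNKNOWN"
                exit 3
            }
            pct = int(cur * 100 / lim)
            state = "OK"; rc = 0
            if (pct >= crit)      { state = "CRIT"; rc = 2 }
            else if (pct >= warn) { state = "WARN"; rc = 1 }
            printf "%s %d/%d %d%%\n", state, cur, lim, pct
            exit rc
        }'
}

# Constructed sample in sysctl output format; not captured from a real host.
SAMPLE_OUTPUT='net.inet.ip.fw.dyn_count: 15100
net.inet.ip.fw.dyn_max: 16384'

# On a live FreeBSD host, run the script with --live to read the real counters.
if [ "${1:-}" = "--live" ]; then
    sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max | check_dyn_usage
fi
```

Run it from cron with --live and alert on a non-zero exit status, so you see the table filling up before new connections start getting refused.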