ipfw.reachedmaxstates events

This message occurs when the ipfw firewall fails to create a new dynamic state entry for a "keep-state" rule because the number of dynamic state entries has reached the maximum allowed value of 32768. The firewall uses the "keep-state" rule to track whether a connection is established. The firewall maintains states for TCP, UDP, BGP, and ESP packets. This message occurs at most once every 60 seconds; it lists the most recent connections to reach the limit.

Corrective Action


Syslog Message

The ipfw firewall failed to create dynamic "keep-state" entry. Reason: %s, current # of entries: %d. Recent connections reaching this limit: %s


message (STRING): Information about the failed ipfw dynamic state creation.
current_states_held (INT): Current total number of ipfw dynamic "keep state" entries held.
cnn_message (STRING): Information about recent connections that reached the limit.
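
As an added example that is not part of the original page: a Python parser for the syslog template above that extracts the three documented parameters and groups events into sustained runs, since the 60-second rate limit means a raw event count understates how long the table stayed full. The timestamps, the `max_gap` and `min_events` thresholds, and the placeholder `%s` values are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Template copied from the Syslog Message section; %s/%d become capture groups.
EVENT_RE = re.compile(
    r'The ipfw firewall failed to create dynamic "keep-state" entry\. '
    r'Reason: (?P<message>.*?), current # of entries: (?P<current_states_held>\d+)\. '
    r'Recent connections reaching this limit: (?P<cnn_message>.*)$'
)

def parse_event(text):
    """Return the three documented parameters, or None for any other message."""
    m = EVENT_RE.search(text)
    if m is None:
        return None
    fields = m.groupdict()
    fields["current_states_held"] = int(fields["current_states_held"])
    return fields

def sustained_runs(records, max_gap=timedelta(seconds=120), min_events=3):
    """Group matching events into runs whose neighbours are at most max_gap apart.

    The event fires at most once per 60 seconds, so one event may stand for many
    refused states; a run of back-to-back events means the table stayed full.
    max_gap and min_events are assumed thresholds, not values from the page.
    """
    runs, current = [], []
    for ts, text in sorted(records):
        if parse_event(text) is None:
            continue  # ignore unrelated syslog lines
        if current and ts - current[-1] > max_gap:
            if len(current) >= min_events:
                runs.append((current[0], current[-1], len(current)))
            current = []
        current.append(ts)
    if len(current) >= min_events:
        runs.append((current[0], current[-1], len(current)))
    return runs

# Constructed sample records: timestamps and the %s values are placeholders.
T0 = datetime(2024, 1, 1, 12, 0, 0)
MSG = ('The ipfw firewall failed to create dynamic "keep-state" entry. '
       'Reason: {r}, current # of entries: {n}. '
       'Recent connections reaching this limit: {c}')
SAMPLE = [
    (T0 + timedelta(seconds=s), MSG.format(r="reason-text, constructed", n=32768, c="connection-list"))
    for s in (0, 60, 125, 900)
] + [(T0 + timedelta(seconds=30), "unrelated message (constructed)")]
```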