Quite often I will see the following message ….
ipfw: install_state: Too many dynamic rules
I use a lot of dynamic UDP rules and these messages are quite common on my heavily utilized DNS servers. To solve this problem, I added the following sysctl line into /etc/sysctl.conf. You will have to see what is the best value for you. For me it turned out to be 16384
net.inet.ip.fw.dyn_max=16384