After about 40 days of uptime, my installation's dmesg contained such messages. There's no mention of this anywhere and Google search points me to code in repos. Ended up rebooting the machine. I came to know of the cause from @FreeBSDHelp https://twitter.com/FreeBSDHelp/status/507303992389414913 THIS NEEDS TO BE DOCUMENTED IN check-state or somewhere appropriate.
Thank you for your report Nilesh! This was originally introduced in r243707. [1] Probably a good opportunity to clarify the LOG_DEBUG message, possibly with a mention of net.inet.ip.fw.dyn_max sysctl tunable or similar. Perhaps also worth revisiting the default value for this tunable as well. CC'ing original committer (melifaro@) who likely has an expert opinion :) [1] https://svnweb.freebsd.org/base?view=revision&revision=243707 MFC candidate.
A commit references this bug: Author: melifaro Date: Fri Oct 24 13:57:16 UTC 2014 New revision: 273588 URL: https://svnweb.freebsd.org/changeset/base/273588 Log: Bump default dynamic limit to 16k entries. Print better log message when limit is hit. PR: 193300 Submitted by: me at nileshgr.com Changes: head/sys/netpfil/ipfw/ip_fw_dynamic.c
Close bug and assign as fixed.