[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Re: Rule Count limit
From: "Neal P. Murphy" <neal.p.murphy () alum ! wpi ! edu>
Date: 2020-09-24 17:40:31
Message-ID: 20200924134031.30856252 () playground
[Download RAW message or body]
On Thu, 24 Sep 2020 16:17:00 +0530
Jevin Gala <jevin@softaculous.com> wrote:
> Hi,
>
>
> I couldn't find much information about the limitation on adding number of rules.
>
> I tried adding around 26000 rules and starting seeing this message :
6-8 years ago, I discovered that iptables could not reliably add more than 20k-25k \
rules at a time; a periodic COMMIT (IIRC) every 10k-15k rules would allow me to add \
hundreds of thousands of rules. So there is or was a limit to iptables' atomicity. \
Back then, I was comparing the efficiency of Smoothwall Express' ipbatch program and \
iptables-restore and needed a million rules to obtain meaningful data; ipbatch was \
marginally (~5%) more efficient.
N
>
>
> Unable to update the kernel. Two possible causes:
>
> 1. Multiple ebtables programs were executing simultaneously. The ebtables
>
> userspace tool doesn't by default support multiple ebtables programs running
>
> concurrently. The ebtables option --concurrent or a tool like flock can be
>
> used to support concurrent scripts that update the ebtables kernel tables.
>
> 2. The kernel doesn't support a certain ebtables extension, consider
>
> recompiling your kernel or insmod the extension.
>
>
> There is Free RAM while swap is fully used.
>
> Kernel : 3.10.0-957.5.1.el7.x86_64
>
> ebtables.x86_64 2.0.10-16.el7
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic