[Firewall] Big list in block-file -> crash server

Michel van Dop mvandop at xs4all.nl
Sat Apr 27 11:25:54 CEST 2013


 

I am not 100% sure; I have run the same systems many times with no
problem like this.

This system ran for 2 weeks with icecast and your firewall
scripts and had no problem.

After 2 weeks I loaded the block list and
the server went directly into production; there are a maximum of 500
client connections, and the problems started.

Do you think 165176 subnets are no
problem for your script and for CentOS 6.4 64bit (1 CPU 3 GHz, 1 GB mem)?

I use cacti and see no high load, CPU or memory usage. Only when I load the
firewall does it seem to respond slowly.

Michel 

Arno van Amersfoort wrote on 2013-04-26 11:48:

> I suspect changing nf_conntrack_max isn't going to help. Unless all
> those blocked hosts connect at the same time ofc ;-)
>
> Are you sure the size of the blocked hosts list is causing this?
>
> a.
>
> On 4/25/2013 12:05, Michel van Dop wrote:
> 
>> Hi Arno,
>>
>> The machine gave no reaction (no screen error); the only thing I can
>> do is reset the VMware client. After the reset I cannot find any
>> errors in /var/log/messages about the freezing. Now I try to block
>> only Germany and United States (61000 lines). And I try to change
>> this:
>>
>> sysctl -w net.netfilter.nf_conntrack_max=65536
>>
>> More tips are welcome! :-)
>>
>> Michel
>>
>> Arno van Amersfoort wrote on 2013-04-25 11:27:

>> 
>>> What do you mean *exactly* by "crash"? Kernel OOM error,
>>> freezing, ...?
>>>
>>> a.
>>>
>>> On 4/25/2013 9:43, Michel van Dop wrote:
>>>
>>>> Hi,
>>>>
>>>> Since I have used 165176 hosts / subnets (lines) in my block list, my
>>>> new server CentOS 6.4 crashed 2 times in 3 days. Does anyone have an
>>>> idea what I need to change in my network settings? 1/2 blocklist?
>>>>
>>>> Best regards,
>>>> Michel
>>>> _______________________________________________
>>>> Firewall mailing list
>>>> Firewall at rocky.eld.leidenuniv.nl
>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall [1]
>>>> Arno's (Linux IPTABLES Firewall) Homepage: http://rocky.eld.leidenuniv.nl [2]

-- 

 

Links:
------
[1] http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
[2] http://rocky.eld.leidenuniv.nl