[Firewall] Big list in block-file -> crash server

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed May 1 08:50:38 CEST 2013


The script itself will handle that just fine: it just feeds the commands 
to iptables, which in turn feeds them to your kernel. If it really has to 
do with the amount of subnets, it's a kernel issue and there isn't much 
my script can do about that...

a.

On 27/04/13 11:25, Michel van Dop wrote:
>
> I am not 100% sure; I have run the same systems many times with no 
> problem like this.
>
> This system has been running for 2 weeks with icecast and your firewall 
> scripts and had no problem.
>
> After 2 weeks I loaded the block list and the server went directly into 
> production; there are a maximum of 500 client connections and the problems 
> start.
>
> Do you think 165176 subnets are no problem for your script and for 
> CentOS 6.4 64bit (1 CPU 3 GHz, 1 GB mem)?
>
> I use cacti and see no high load of CPU or mem. Only when I load the 
> firewall, it looks like the response is slow..
>
> Michel
>
>
>
> Arno van Amersfoort wrote on 2013-04-26 11:48:
>
>> I suspect changing nf_conntrack_max isn't going to help. Unless all
>> those blocked hosts connect at the same time ofc ;-)
>>
>> Are you sure the size of the blocked hosts list is causing this?
>>
>> a.
>>
>> On 4/25/2013 12:05, Michel van Dop wrote:
>>> Hi Arno,
>>>
>>> The machine gave no reaction (no screen error); the only thing I can 
>>> do is reset the VMware client. After the reset I cannot find any 
>>> errors in /var/log/messages about the freezing. Now I try to block 
>>> only Germany and the United States (61000 lines). And I try to change 
>>> this: sysctl -w net.netfilter.nf_conntrack_max=65536
>>>
>>> More tips are welcome! :-)
>>>
>>> Michel
>>>
>>> Arno van Amersfoort wrote on 2013-04-25 11:27:
>>>> What do you mean *exactly* by "crash". Kernel OOM error, freezing, 
>>>> .... ?
>>>>
>>>> a.
>>>>
>>>> On 4/25/2013 9:43, Michel van Dop wrote:
>>>>> Hi,
>>>>>
>>>>> Since I have been using 165176 hosts / subnets (lines) in my block 
>>>>> list, my new server (CentOS 6.4) has crashed 2 times in 3 days. 
>>>>> Anyone have an idea what I need to change in my network settings? 
>>>>> 1/2 blocklist?
>>>>>
>>>>> Best regards,
>>>>> Michel
>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
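Arno's point above is that the script just hands each entry to iptables and the kernel takes it from there. As an added example, not the firewall script's own code, the following POSIX shell turns such a block list into a single iptables-restore fragment, so the whole list is loaded in one atomic pass rather than one iptables invocation per line, and rejects malformed entries before they reach the kernel; the chain name BLOCKLIST, the file paths and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: build one iptables-restore fragment from a block list instead
# of invoking iptables once per entry. Chain name, paths and the sample entries
# are assumptions, not the firewall script's own.

# Constructed sample standing in for the 165176-line list from the thread.
SAMPLE_LIST="${TMPDIR:-/tmp}/blocklist.sample"
cat > "$SAMPLE_LIST" <<'EOF'
# comments and blank lines are ignored
192.0.2.0/24
198.51.100.0/24

203.0.113.7
not-an-address
EOF

# blocklist_to_restore LISTFILE OUTFILE
# Emits a filter-table fragment with a dedicated BLOCKLIST chain and one DROP
# rule per valid IPv4 host or CIDR; malformed entries never reach the kernel.
blocklist_to_restore() {
  list="$1"; out="$2"
  awk '
    BEGIN { print "*filter"; print ":BLOCKLIST - [0:0]" }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
      gsub(/^[[:space:]]+|[[:space:]]+$/, "")
      ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/)
      n = split($0, p, "[./]")
      for (i = 1; ok && i <= 4; i++) if (p[i] + 0 > 255) ok = 0   # octet range
      if (ok && n == 5 && p[5] + 0 > 32) ok = 0                   # prefix range
      if (ok) print "-A BLOCKLIST -s " $0 " -j DROP"
    }
    END { print "COMMIT" }
  ' "$list" > "$out"
}

# count_rules OUTFILE: number of DROP rules written, for a sanity check.
count_rules() {
  grep -c '^-A BLOCKLIST ' "$1"
}

blocklist_to_restore "$SAMPLE_LIST" "${TMPDIR:-/tmp}/blocklist.rules"
echo "rules written: $(count_rules "${TMPDIR:-/tmp}/blocklist.rules")"
```

Load the result with `iptables-restore -n` (which keeps the rules already present) and hook the chain once with `iptables -I INPUT -j BLOCKLIST`. Whatever the loader, a chain of 165176 rules is still walked linearly for every packet that reaches it, so the per-packet cost grows with the list and not just the load time.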
