[Firewall] Big list in block-file -> crash server

Michel van Dop mvandop at xs4all.nl
Thu May 2 14:05:57 CEST 2013


 

Hi,

When I want to block all traffic on port 80 and only give access to NL
subnets, can I use these rules as the custom rules?

/sbin/iptables -A INPUT -s 82.94.204.32 -d 207.171.0.0/16 -p tcp --dport 80 -j ACCEPT # NL subnet 1 example
/sbin/iptables -A INPUT -p tcp --dport 80 -j LOG # log blocking of incoming port 80

/sbin/iptables -A INPUT -p tcp --dport 80 -j DROP # block all incoming traffic on port 80

Best regards,

Michel

Arno van Amersfoort wrote on 2013-05-01 08:50: 

> The script itself will handle that just fine: it just feeds the commands
> to iptables which in turn feeds them to your kernel. If it really has to
> do with the amount of subnets, it's a kernel issue and there isn't much
> my script can do about that...
> 
> a.
> 
> On 27/04/13 11:25, Michel van Dop wrote: 
>

>> I am not 100% sure; I have run the same systems many times with no
>> problem like this.
>> 
>> This system has been running for 2 weeks with icecast and your
>> firewall scripts and had no problems.
>> 
>> After 2 weeks I loaded the block list and the server went directly into
>> production; there are max connections of 500 clients and the problems
>> start.
>> 
>> Do you think 165176 subnets are no problem for your script and for
>> CentOS 6.4 64bit (1 CPU 3 ghz, 1 Gb mem)?
>> 
>> I use cacti and see no high load or CPU or mem. Only when I load the
>> firewall does it look like the response is slow..
>> 
>> Michel 
>> 
>> Arno van Amersfoort wrote on 2013-04-26 11:48: 
>> 
>>> I suspect changing nf_conntrack_max isn't going to help. Unless all
>>> those blocked hosts connect at the same time ofc ;-)
>>>
>>> Are you sure the size of the blocked hosts list is causing this?
>>> 
>>> a.
>>> 
>>> On 4/25/2013 12:05, Michel van Dop wrote:
>>>

>>>> Hi Arno,
>>>>
>>>> The machine gave no reaction (no screen error); the only thing I can
>>>> do is reset the vmware client. After the reset I cannot find any
>>>> errors in /var/log/messages about the freezing. Now I try to block
>>>> only Germany and United States (61000 lines). And I try to change
>>>> this: sysctl -w net.netfilter.nf_conntrack_max=65536
>>>>
>>>> More tips are welcome! :-)
>>>>
>>>> Michel
>>>>
>>>> Arno van Amersfoort wrote on 2013-04-25 11:27:
>>>> 
>>>>> What do you mean *exactly* by "crash". Kernel OOM error, freezing,
>>>>> .... ?
>>>>>
>>>>> a.
>>>>>
>>>>> On 4/25/2013 9:43, Michel van Dop wrote: 
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Since I have used 165176 hosts / subnets (lines) in my block list,
>>>>>> my new server (CentOS 6.4) crashed 2 times in 3 days. Anyone have
>>>>>> an idea what I need to change in my network settings? 1/2
>>>>>> blocklist?
>>>>>>
>>>>>> Best regards,
>>>>>> Michel
>>>>>>
>>>>>> _______________________________________________
>>>>>> Firewall mailing list
>>>>>> Firewall at rocky.eld.leidenuniv.nl
>>>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>>>> Arno's (Linux IPTABLES Firewall) Homepage: http://rocky.eld.leidenuniv.nl

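As an added example (not code from this thread or from Arno's firewall script), here is the same "accept NL on port 80, log and drop the rest" policy built on an ipset hash:net instead of one iptables rule per subnet, so the kernel does one hash lookup per packet rather than walking 165176 rules. ipset is not mentioned in the thread; the set name, the list file format and the LOG rate limit are my assumptions.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or Arno's firewall script:
# load the subnet list into an ipset hash:net and match it from a single
# iptables rule. The port-80 "accept NL, log + drop the rest" policy from the
# post becomes three rules. Set name and list format are assumptions.
set -eu

SET_NAME="nl_allow"   # assumed set name

# Build an `ipset restore` stream from a file with one host or CIDR per line.
# Entries go into a temporary set that is then swapped into place, so a live
# set is never half-loaded; maxelem must exceed the list size (165176 here).
build_ipset_restore() {
    list_file=$1
    tmp="${SET_NAME}_tmp"
    printf 'create %s hash:net family inet hashsize 65536 maxelem 262144\n' "$SET_NAME"
    printf 'create %s hash:net family inet hashsize 65536 maxelem 262144\n' "$tmp"
    grep -Ev '^[[:space:]]*(#|$)' "$list_file" |
        awk -v set="$tmp" '{ print "add " set " " $1 }'
    printf 'swap %s %s\n' "$tmp" "$SET_NAME"
    printf 'destroy %s\n' "$tmp"
}

# The three port-80 rules. LOG is rate-limited so 500 clients hitting the
# DROP rule cannot flood /var/log/messages (the original LOG rule had none).
build_port80_rules() {
    cat <<EOF
/sbin/iptables -A INPUT -p tcp --dport 80 -m set --match-set $SET_NAME src -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -m limit --limit 5/min -j LOG --log-prefix "port80-drop: "
/sbin/iptables -A INPUT -p tcp --dport 80 -j DROP
EOF
}

# Print the generated commands by default; "apply" loads them (needs root and
# the ipset package). -exist lets the restore re-run over an existing set.
main() {
    list_file=${1:?usage: $0 nl_subnets.txt [apply]}
    if [ "${2:-}" = apply ]; then
        build_ipset_restore "$list_file" | ipset -exist restore
        build_port80_rules | sh -e
    else
        build_ipset_restore "$list_file"
        build_port80_rules
    fi
}

# Only run when given arguments, so the functions can also be sourced.
[ $# -eq 0 ] || main "$@"
```

Run it without `apply` first and read the generated `add` lines; a malformed entry makes `ipset restore` reject the whole stream before the swap, so the old set stays in force.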