[Firewall] Big list in block-file -> crash server

Gustin Johnson gustin at meganerd.ca
Tue May 28 16:25:03 CEST 2013


That is a kernel error.  You may want to check with your distribution.


On Tue, May 28, 2013 at 1:20 AM, Michel van Dop <mvandop at xs4all.nl> wrote:

>
> Hello,
>
> I start the firewall automatically and after this message "Applying external
> (INET) policy to interface eth0 (without a specified)
> I get this:
> Bug: soft lockup - CPU#0 Stuck for 67s! [iptables 30743]
>
> My blocklist is 161000 rules.
>
> I updated the hardware and now have 2 CPUs and 2 GB mem.... When I remove the
> blocklist everything works fine, no bugs.
>
>
> Best regards,
> Michel
>
>
> Arno van Amersfoort wrote on 2013-05-01 08:50:
>
> The script itself will handle that just fine: it just feeds the commands
> to iptables which in turn feeds them to your kernel. If it really has to do
> with the amount of subnets, it's a kernel issue and there isn't much my
> script can do about that...
>
> a.
>
> On 27/04/13 11:25, Michel van Dop wrote:
>
> I am not 100% sure; I have run the same systems many times with no problem
> like this.
>
> This system has been running for 2 weeks with icecast and your firewall scripts and has
> no problem.
>
> After 2 weeks I load the block list and the server goes directly into
> production; there are max connections of 500 clients and the problems start.
>
> Do you think 165176 subnets are no problem for your script and for CentOS
> 6.4 64bit (1 CPU 3 GHz, 1 GB mem)?
>
> I use cacti and see no high load on CPU or mem. Only when I load the
> firewall does it look like it responds slowly..
>
> Michel
>
>
>
> Arno van Amersfoort wrote on 2013-04-26 11:48:
>
> I suspect changing nf_conntrack_max isn't going to help. Unless all
> those blocked hosts connect at the same time ofc ;-)
>
> Are you sure the size of the blocked hosts list is causing this?
>
> a.
>
> On 4/25/2013 12:05, Michel van Dop wrote:
>
> Hi Arno,
>
> The machine gave no reaction (no screen error); the only thing I can do
> is reset the VMware client. After the reset I can not find any errors in
> /var/log/messages about the freezing. Now I try to block only Germany
> and United States (61000 lines). And I try to change this: sysctl -w
> net.netfilter.nf_conntrack_max=65536
>
> More tips are welcome! :-)
>
> Michel
>
> Arno van Amersfoort wrote on 2013-04-25 11:27:
>
> What do you mean *exactly* by "crash". Kernel OOM error, freezing, .... ?
>
> a.
>
> On 4/25/2013 9:43, Michel van Dop wrote:
>
> Hi,
>
> Since I have used 165176 hosts / subnets (lines) in my block list my new
> server CentOS 6.4 has crashed 2 times in 3 days. Anyone have an idea what I need to
> change in my network settings? 1/2 blocklist?
>
> Best regards,
> Michel
>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage: http://rocky.eld.leidenuniv.nl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20130528/968d9568/attachment.html>
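The underlying problem in this thread is that every one of the ~165000 blocklist entries becomes its own iptables rule: each packet has to walk that chain, and legacy iptables copies and replaces the whole table on every invocation, so loading N rules one at a time is O(N^2) work inside the kernel, which fits a soft lockup reported in the iptables process. As an added example, not part of the thread and not code from Arno's firewall script, the following POSIX shell script turns such a blocklist into an `ipset restore` batch so the whole list lives in one hash:net set and is matched by a single iptables rule. The set name `blocklist`, the function names and the embedded sample list are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Firewall list or Arno's script): convert a
# blocklist with one IPv4 host or CIDR per line into an `ipset restore`
# batch plus one iptables rule, instead of one iptables rule per entry.
# The set name "blocklist" and the sample content below are assumptions.

# Constructed sample blocklist (RFC 5737 documentation ranges) with a
# comment, a duplicate, a junk line and an invalid prefix to show filtering.
SAMPLE_BLOCKLIST='# constructed sample feed, not a real blocklist
192.0.2.0/24
198.51.100.17
203.0.113.0/25
192.0.2.0/24
not-an-address
10.0.0.1/33
'

# normalize_blocklist < file
# Drops comments and blank lines, keeps only dotted-quad entries with an
# optional /0-32 prefix, gives bare hosts an explicit /32 and deduplicates.
# Octets are not range-checked; ipset restore rejects anything invalid.
normalize_blocklist() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
    | sed -e '/\//!s#$#/32#' \
    | sort -u
}

# blocklist_to_ipset SETNAME < file
# Emits an `ipset restore` batch: one create line sized for the entry
# count and one add line per unique valid entry.
blocklist_to_ipset() {
    setname="$1"
    entries=$(normalize_blocklist)
    count=$(printf '%s\n' "$entries" | grep -c .)
    # maxelem must exceed the number of entries; round up to 64k blocks.
    maxelem=$(( (count / 65536 + 1) * 65536 ))
    printf 'create %s hash:net family inet hashsize 4096 maxelem %s\n' \
        "$setname" "$maxelem"
    printf '%s\n' "$entries" | sed -e '/./!d' -e "s/^/add $setname /"
}

# firewall_rule SETNAME
# The single rule that replaces the per-entry rules: one set lookup per
# packet instead of a linear walk over the whole chain.
firewall_rule() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$1"
}

# Stand-alone demo: print the batch and the rule for the sample list.
printf '%s' "$SAMPLE_BLOCKLIST" | blocklist_to_ipset blocklist
firewall_rule blocklist
```

To use it against a real file: `blocklist_to_ipset blocklist < blocklist.txt | ipset restore`, then apply the rule printed by `firewall_rule`. When the list is refreshed, build the new version into a second set and `ipset swap` the two so there is never a window in which the block is absent. This still loads the entries into the kernel, but as a single hash table populated in one netlink session rather than 165000 table replacements, which is the part the thread's kernel was choking on.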

