
Mailing List Archive: iptables: User
rule limit question
 



nesser at amazon

Aug 13, 2007, 3:52 PM


rule limit question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For relatively obscure reasons, I am trying to build a set of rules that run into the hundreds of thousands. I was experimenting on a Redhat Release 5 machine with 2.6.18 kernel and 1.3.5 iptables. I was able to load around 340k rules before getting an error of iptables-restore: line XXXXXX failed.

So I tried it out on a server (much beefier, 8G RAM, dual quad-core 2GHz proc) running the same kernel/iptables versions. This time it died in the same way at about 40k rules. After some research I found a log message on vmalloc failures, so I figured what the hell and rebuilt the server using the 64-bit version of RH 5. Now no more vmalloc failures, but it still dies at around 40k entries.

I am more than happy to build a custom kernel if that is what I need to do. I have poked around the sources and it is not obvious what needs to change.

Any help would be appreciated.

Thanks!

- ---> Phil
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGwOCma2RfHGe2XK4RAtP8AJ4n0b6GrDHtrWJtHJO+4HXj+mDzhQCeNuBZ
focPiQFfyved9SKA/ZmAoqM=
=GETn
-----END PGP SIGNATURE-----
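The post describes the failure but not how the limit was measured. The script below is an added example, not code from the original poster: it generates a synthetic iptables-restore ruleset of N single-host DROP rules and bisects the count at which iptables-restore starts failing, which is the quickest way to find the ceiling on a given kernel/iptables combination and to tell a kernel-side vmalloc failure from a userspace problem. Assumptions made here: a Linux host with iptables-restore on the PATH and root privileges for the load step; the 10.0.0.0/8 source addresses and the 1000-rule bisection granularity are arbitrary constructed values; the `dmesg` check relies on the kernel logging the allocation failure, which the poster reported seeing on the 32-bit build.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): probe the iptables-restore rule
# limit by bisection. Assumes a Linux host with iptables-restore and root rights.

# gen_rules N: emit an iptables-restore ruleset with N host-specific DROP rules.
# Addresses are constructed as 10.A.B.C from the rule index (N capped at 2^24).
# awk is used instead of a sh loop so that hundreds of thousands of lines are
# produced in seconds rather than minutes.
gen_rules() {
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    awk -v n="$1" 'BEGIN {
        for (i = 0; i < n; i++)
            printf "-A INPUT -s 10.%d.%d.%d/32 -j DROP\n",
                   int(i / 65536) % 256, int(i / 256) % 256, i % 256
    }'
    printf 'COMMIT\n'
}

# rule_count N: number of -A lines gen_rules produces (used for self-checks).
rule_count() {
    gen_rules "$1" | grep -c '^-A'
}

# try_load N: load N rules. Without -n, iptables-restore replaces the whole
# filter table in one atomic commit, which is exactly the single large
# allocation that hits the kernel when the ruleset is big. Returns the exit
# status of iptables-restore. Requires root; not run by the self-test.
try_load() {
    gen_rules "$1" | iptables-restore 2>/dev/null
}

# probe_limit LO HI: LO is a count known to load, HI a count known to fail.
# Narrows the interval to 1000 rules and prints the largest count that loaded.
probe_limit() {
    lo=$1; hi=$2
    while [ $(( hi - lo )) -gt 1000 ]; do
        mid=$(( (lo + hi) / 2 ))
        if try_load "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo "$lo"
}

# vmalloc_failures: show recent kernel log lines mentioning vmalloc, so a
# failed load can be attributed to the kernel allocation rather than to
# iptables-restore's own parsing.
vmalloc_failures() {
    dmesg | grep -i 'vmalloc' | tail -n 5
}

# Usage (as root):
#   probe_limit 10000 100000     # e.g. prints the largest count that loaded
#   vmalloc_failures             # explains the failure if the kernel logged it
#   iptables -F INPUT            # remove the test rules afterwards
```

Each bisection step replaces the table rather than appending, so every attempt measures a fresh load of exactly `mid` rules; run `iptables -F INPUT` when done so the test rules do not linger on a production box.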
