
Thread: rule limit question

rule limit question
user name
2007-08-13 17:52:22
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For relatively obscure reasons, I am trying to build a set
of rules that run into the hundreds of thousands.  I was
experimenting on a Redhat Release 5 machine with 2.6.18
kernel and 1.3.5 iptables.  I was able to load around 340k
rules before getting an error of iptables-restore: line
XXXXXX failed.

So I try it out on a server (much beefier, 8G ram, dual quad
core 2GHz proc) running the same kernel/iptables versions.
This time it died in the same way at about 40k rules.  After
some research I found a log message on vmalloc failures, so
I figured what the hell and rebuilt the server using the 64
bit version of RH 5.  Now no more vmalloc failures, but
still dies at around 40k entries.

I am more than happy to build a custom kernel if that's what I
need to do.  I have poked around the sources and it is not
obvious what needs to change.

Any help would be appreciated.

Thanks!

- --->  Phil
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGwOCma2RfHGe2XK4RAtP8AJ4n0b6GrDHtrWJtHJO+4HXj+mDzhQCe
NuBZ
focPiQFfyved9SKA/ZmAoqM=
=GETn
-----END PGP SIGNATURE-----
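For anyone who wants to reproduce or narrow down the failure described in the post, here is an added example script; it is not from the original message and not part of iptables itself. It generates an iptables-restore file with N rules in a dedicated chain, loads it, parses the "line N failed" message that iptables-restore prints, shows the offending line plus any vmalloc complaints in the kernel log, and can binary-search the largest rule count that still loads. The chain name TESTCHAIN, the 10.0.0.0/8 source addresses and the rule counts are assumptions for illustration. Generating the file and parsing the error text run unprivileged; iptables-restore itself needs root and replaces the whole filter table (it flushes existing rules and user chains), so run the load and probe steps only on a scratch machine.

```shell
#!/bin/sh
# Added example, not code from the original post or from the iptables project.
# Assumptions: chain TESTCHAIN, sources drawn from 10.0.0.0/8, counts chosen
# by the caller. Loading requires root and replaces the current filter table.

# gen_rules N FILE: write N DROP rules in iptables-restore format. Rule i gets
# a unique /32 source so a failing line number maps back to one rule.
gen_rules() {
    awk -v n="$1" 'BEGIN {
        print "*filter"
        print ":TESTCHAIN - [0:0]"
        for (i = 0; i < n; i++)
            printf "-A TESTCHAIN -s 10.%d.%d.%d/32 -j DROP\n",
                   int(i / 65536) % 256, int(i / 256) % 256, i % 256
        print "COMMIT"
    }' > "$2"
}

# rule_count FILE: number of -A lines in a generated file (sanity check).
rule_count() {
    grep -c '^-A ' "$1"
}

# failed_line: read iptables-restore's stderr on stdin and print the line
# number from its "iptables-restore: line N failed" message, if any.
failed_line() {
    sed -n 's/.*line \([0-9][0-9]*\) failed.*/\1/p' | head -n 1
}

# load_rules FILE: load the file in one shot (root). On failure print the
# error, the offending line of the file and any recent vmalloc messages,
# which is where the post's kernel-side symptom showed up.
load_rules() {
    f=$1
    if err=$(iptables-restore < "$f" 2>&1); then
        echo "loaded $(rule_count "$f") rules"
        return 0
    fi
    echo "$err"
    ln=$(echo "$err" | failed_line)
    [ -n "$ln" ] && sed -n "${ln}p" "$f"
    dmesg | grep -i vmalloc | tail -n 5
    return 1
}

# find_limit LO HI: binary-search the largest rule count that loads. Every
# probe replaces the whole table, so rules from earlier probes do not pile up.
find_limit() {
    lo=$1
    hi=$2
    tmp=$(mktemp)
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        gen_rules "$mid" "$tmp"
        if iptables-restore < "$tmp" 2>/dev/null; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    rm -f "$tmp"
    echo "$lo"
}

# Usage (as root, on a test box):  sh rulelimit.sh probe 1000 400000
if [ "${1:-}" = "probe" ]; then
    find_limit "$2" "$3"
fi
```

Because iptables-restore commits a table as a single unit, the probe tells you the boundary for that exact rule shape; rules with more matches per entry will be larger and hit the same memory limit at a lower count, so generate rules that look like the real ones when measuring.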

