iptable rule addition has no effect .

iptable rule addition has no effect .

[ratheesh k]

i m  flooding  an interface using hping with UDP packets .

I have a rule

    iptables -A INPUT -p udp -j DROP

I can see all packets are getting dropped . i can see processor
utilization is high using "top" command and system becomes slow .

But while flooding , if  i add rule

iptables -I INPUT -j ACCEPT .

still packets gets dropped .

 But if i  stop flooding and start hping again { with same rules }  ,
packets are accepted .

Note : I am working on an embedded enviornement  with 128kB of RAM .

any hints is really appreciated .

Thanks,
Ratheesh.

Re: iptable rule addition has no effect .

[Mart Frauenlob]

On 05.03.2010 06:33, netfilter-owner@vger.kernel.org wrote:
> i m  flooding  an interface using hping with UDP packets .
> 
> I have a rule
> 
>     iptables -A INPUT -p udp -j DROP
> 
> I can see all packets are getting dropped . i can see processor
> utilization is high using "top" command and system becomes slow .
> 
> But while flooding , if  i add rule
> 
> iptables -I INPUT -j ACCEPT .
> 
> still packets gets dropped .
> 
>  But if i  stop flooding and start hping again { with same rules }  ,
> packets are accepted .
> 
> Note : I am working on an embedded enviornement  with 128kB of RAM .
> 
> any hints is really appreciated .

> 

guessing:
could it be you use conntrack, and nf_conntrack_max is reached?