linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Russell \"Elik\" Rademacher" <elik@webspires.com>
To: linux-kernel@vger.kernel.org
Subject: IPtables hang system when loading over 254 IP Addresses
Date: Mon, 8 Dec 2003 17:18:10 -0700	[thread overview]
Message-ID: <098111156.20031208171810@webspires.com> (raw)

Hello linux-kernel,

  I was wondering if anyone have fixed or knew the slightly broken issue about loading the IPTables with Ingress/Egress filtering on 254 IP addresses or more?  It basically locks up the system in networking level but everything else works fine.

  Reason I asking is that I have quite a few servers with 256 to 300 IP addresses on it, which is mainly for the SSL or anonymous access. So..don't flame me for the gross IP misallocation on single server. :)

  Basically, if you knew about the script, APF Firewall script, I uses it and it make extensive uses of the IPTables to make complex firewall rules.  But when it reaches to around 254, it just locks up the network system, rendering the server unaccessible.  It make extensive uses of Ingress/Egress and I only seen it locks up when I make use of Egress filtering. Ingress works fine up to 400 IP addresses and I haven't pushed it that far past it to see how far it can go.  But Egress, it locks it up, when combined with Ingress.  Dunno about Egress itself in general.  So...anyone might have a clue on this?

  This is on 2.4.x series kernel.

-- 
Best regards,
Russell "Elik" Rademacher
Freelance Remote System Adminstrator/Tech Support    


             reply	other threads:[~2003-12-09  0:18 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-09  0:18 Russell "Elik" Rademacher [this message]
2003-12-11 11:18 ` IPtables hang system when loading over 254 IP Addresses Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=098111156.20031208171810@webspires.com \
    --to=elik@webspires.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).