On Mon, Dec 08, 2003 at 05:18:10PM -0700, Russell Elik Rademacher wrote: > Hello linux-kernel, Hi Russell! > I was wondering if anyone have fixed or knew the slightly broken > issue about loading the IPTables with Ingress/Egress filtering on > 254 IP addresses or more? It basically locks up the system in > networking level but everything else works fine. > The netfilter/iptables project has seperate mailinglists, netfilter@lists.netfilter.org and/or netfilter-devel@lists.netfilter.org are the ones you might want to contact (http://netfilter.org/contact.html). > Basically, if you knew about the script, APF Firewall script, I uses > it and it make extensive uses of the IPTables to make complex > firewall rules. But when it reaches to around 254, it just locks up > the network system, rendering the server unaccessible. It make > extensive uses of Ingress/Egress and I only seen it locks up when I > make use of Egress filtering. Ingress works fine up to 400 IP > addresses and I haven't pushed it that far past it to see how far it > can go. But Egress, it locks it up, when combined with Ingress. > Dunno about Egress itself in general. So...anyone might have a clue > on this? Maybe you should then talk to the "APF Firewall Script" author. We are not aware of any iptables-related issues with as little as 254 rules. -- - Harald Welte http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie