iptables crashes server?

R. DuFresne dufresne at sysinfo.com
Tue Apr 5 18:34:59 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 5 Apr 2005, Moritz Gartenmeister wrote:

> i checked the memory usage a little more in detail:
>
> the free ram is decreasing.
> the active use of ram is increasing.
>
> ergo, something is filling up my ram. i run apache, irc-proxy, snort and 
> argus besides iptables.
>
> for me, there seems something buggy in the kernelspace of iptables.
>
> but, if i am the only one with this problem, it's maybe not.
>

There are two things you might do to deal with memory over consumption 
issues;

Add more RAM to the system

or off load some of the services to other systems rather then directly 
running them all on the firewall server.  And this is likely the better 
way to deal with the problem in my mind.  firewalls afterall are 
traditionally a single purpose system.


Thanks,

Ron DuFresne
- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                         -Tom Robins <Still Life With Woodpecker>
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCUr43st+vzJSwZikRAhB5AJsFNxy0VUPQDPbgV2g4vS/NWl+mZgCcDUui
kJNnt/dXPVl48WVqY/4CZP8=
=hgsV
-----END PGP SIGNATURE-----



More information about the netfilter mailing list