search for: hashsize

Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the...

http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at

Hi all. i'm trying to modify some parameters but when system reboots it doesn't load. For the sysctl if I run sysctl -p then it changes /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 1048576 /etc/modprobe.conf options ip_conntrack hashsize=131072 after reboot results cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 65536 cat /sys/module/nf_conntrack/parameters/hashsize 16384 expected results cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 1048576 cat /sys/module/nf_conntrack/parameters/hashsize 131072 Fred -- This message...

...2 185.234.217.221 185.36.81.165 188.165.238.157 203.2.118.130 209.166.164.71 210.6.94.23 211.72.92.124 27.156.139.95 27.156.176.146 41.164.192.74 45.227.253.100 45.227.253.99 49.87.109.233 52.38.234.254 [root at ollie2 ~]# ipset list Name: fail2ban-sshd Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 3600000 Size in memory: 120 References: 0 Number of entries: 0 Members: Name: fail2ban-dovecot Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 3600000 Size in memory: 3768 References: 0 Number of entries: 41 Members: 185.211.245.198 time...

Hey guys, I am planning to buy some components for a Linux router that will handle the Internet access of 200 computers (includes tc shaping) and some inter sub-network routing (at least 100MBps per eth - and there are 3 eth cards). I was thinking of a: Pentium 4 - 3GHz 256 or 512MB RAM Network Cards. Now - I wonder what is more important: the processor speed or the amount of RAM. And can you

...: 3.11.10-200.fc19.x86_64 ipset: v6.20.1 - Steps to Reproduce: # ipset create http hash:ip timeout 0 maxelem 5 # ipset add http 192.168.0.1 # ipset add http 192.168.0.2 # ipset add http 192.168.0.3 # ipset add http 192.168.0.4 # ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxelem 5 timeout 0 Size in memory: 16784 References: 0 Members: 192.168.0.3 timeout 0 192.168.0.4 timeout 0 192.168.0.1 timeout 0 192.168.0.2 timeout 0 # ipset add http 192.168.0.5 -exist timeout 60 (wait)# ipset list Name: http Type: hash:ip Revision: 1 Header: family inet hashsize 1024 maxe...

https://bugzilla.netfilter.org/show_bug.cgi?id=819 Summary: ipset create setname timeout 2147484 records greater timeout Product: ipset Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: default AssignedTo:

...achine (the current firewall) has *not* undergone any changes aside from installing another 512Mb of RAM. Kernel is the same, and shorewall config is essentially the same. In searching for an answer, I came across this link which suggests that a dedicated firewall should have the ip_conntrack hashsize = ip_conntrack_max: http://www.wallfire.org/misc/netfilter_conntrack_perf.txt I know this isn''t strictly a shorewall issue, but I mention it here in case it is relevant. I plan to visit netfilter lists to investigate more. Now for a shorewall issue: it occurred to me that if I took a...

Hello I''ve got a server with 3Gb of ram and I want to keep 256 for the system and allocate the rest to conntrack ... I''ve tried to change the HASHSIZE of the ip_conntrack but dmesg return me this error ! ip_conntrack version 2.4 (2097152 buckets, 16777216 max) - 236 bytes per conntrack ip_conntrack: falling back to vmalloc. .... I''ve use this "math" to calculate it : (3072 - 256) x 1024^2 - 236 = 12511822,1027 The...

Hi, I have a P4 @ 3Ghz router running Debian. It shapes traffic ( about 500-600 classes ), about 1000 iptables rules, and it does BGP too, so i get about 1300+ routes in the routing table. The problem is the load is too high on this system. I found a solution to my problem, turning off the route cache, but i dont know how to implement it, I was wondering if anyone found a way to disable the

...t AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: quentin at armitage.org.uk Estimated Hours: 0.0 # ipset create foo hash:ip netmask 24 # ipset add foo 1.2.3.4/24 # ipset add foo 1.2.4.5/32 # ipset list foo Name: foo Type: hash:ip Revision: 0 Header: family inet hashsize 1024 maxelem 65536 netmask 24 Size in memory: 16536 References: 0 Members: 1.2.4.0 1.2.3.0 -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.

...before 107.0.0.0. Version-Release number of selected component (if applicable): ipset-7.2 How reproducible: Always Steps to Reproduce: 1. ipset create foo hash:net 2. ipset add foo 95.0.0.0/8 3. ipset add foo 107.0.0.0/8 4. ipset save foo -sorted Actual results: create foo hash:net family inet hashsize 1024 maxelem 65536 add foo 107.0.0.0/8 add foo 95.0.0.0/8 Expected results: create foo hash:net family inet hashsize 1024 maxelem 65536 add foo 95.0.0.0/8 add foo 107.0.0.0/8 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML...

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard

...cho -e "add test 1.1.1.1\nadd test_iface 2.2.2.2\nadd test 3.3.3.3\n" | ./ipset - ipset v6.32: Syntax error: Second element is missing from 2.2.2.2. ipset v6.32: Syntax error: Second element is missing from 3.3.3.3. # ./ipset list Name: test Type: hash:net Revision: 6 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 448 References: 0 Members: 1.1.1.1 Name: test_iface Type: hash:net,iface Revision: 6 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 416 References: 0 Members: Printing "setname" and "typename" in types.c:adt_type_get() shows...

# Your mailer is set to "none" (default on Windows), # hence we cannot send the bug report directly from R. # Please copy the bug report (after finishing it) to # your favorite email program and send it to # # r-bugs@biostat.ku.dk # ###################################################### Hello! I have observed a curious problem with the Windows version of R. > version

https://bugzilla.netfilter.org/show_bug.cgi?id=1101 Bug ID: 1101 Summary: SET target unreliable in iptables - add does not work as expected Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots arent using ssl, check it > > however fail2ban sometimes is to slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ

Hi All, I am using the script below to limit download rates and manage traffic for a certain IP address and testing the results using iperf. The rate that iperf reports is much higher than the rate I have configured for the HTB qdisc. It''s probably just some newbie trap that''s messing things up but I''m buggered if I can see it. The following script is run on the

https://bugzilla.netfilter.org/show_bug.cgi?id=830 Summary: ??iptables????????? Product: iptables Version: unspecified Platform: All OS/Version: RedHat Linux Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: higkoohk