Re: Maximum number of rules?

jee, 34000?

Isn't there some overlap? A way of optimising it to use fewer rules, port descriptions which can be made into ranges?

Well, if there isn't, I would do the following:

Set up an extra machine with the ebtables patch, configure it as a bridge, and put it in series with the other machine. You can then use iptables in OSI layer 2, so you can split the rules over two machines without having to make any network changes.
Should give you some extra performance with so many rules.
I've been using the ebtables/iptables layer 2 filtering on 2.4.24 lately; it works great. Just mail me directly if you need some help with it.

Good luck,
Jeroen.


On Tue, 2 Mar 2004 10:35:49 +0100
Stindl Wolfgang EXT <Wolfgang.Stindl.extern@xxxxxxxxxxxxxx> wrote:

> Hi,
> 
> We are running a quite big iptables firewall with about 34000 rules.
> Since today we cannot add any new rules.
> All we get is a memory allocation problem.
> 
> When we delete a rule, we can add 1 new rule. So is there a maximum number?
> 
> The firewall box is a dual Xeon with 1 GB memory (most is still free)
> 
> So is there anything we can do?
> 
> Thanks a lot
> Wolfgang
> 

