Why so many rules? Are you using a single rule per IP address to implement a blocking filter?

My logic for dealing with the problem is simple:

Allow up to three rules per /24.

On the fourth rule applied to a particular /24, assume that the whole neighborhood has gone to pot and collapse four rules to one /24 rule.

As you find multiple rules blocking adjacent /24 rules, consolidate them.

Pretty soon you will find you have ONE rule for 200.0.0.0/8, or perhaps even 200.0.0.0/7. There are other large blocks that will come out of the process. And you won't miss 'em, either.

On Tue, 2004-03-02 at 01:35, Stindl Wolfgang EXT wrote:
> Hi,
>
> We are running a quite big iptables-Firewall with about 34000 rules.
> Since today we cannot add any new rules.
> All we get is a Memory allocation Problem.
>
> When we delete a rule, we can add 1 new rule. So is there a maximum
> number?
>
> The firewall box is a dual Xeon with 1 GB memory (most is still free)
>
> So is there anything we can do?
>
> Thanks a lot
> Wolfgang
>
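
The consolidation scheme described in the reply above, as an added Python example that is not part of the original thread. The function names, the `INPUT` chain, the `DROP` target and the sample addresses are assumptions made for illustration; adjacent blocks are merged only when they form an exactly aligned supernet, so no address outside the collapsed /24s gets blocked.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 4  # the fourth rule inside one /24 triggers the collapse

# Constructed sample blocklist (reserved test/benchmark ranges).
SAMPLE = [
    "198.18.4.1", "198.18.4.9", "198.18.4.77", "198.18.4.200",
    "198.18.5.3", "198.18.5.4", "198.18.5.90", "198.18.5.91", "198.18.5.250",
    "192.0.2.10", "192.0.2.200",
    "203.0.113.7",
]


def consolidate(addresses, threshold=THRESHOLD):
    """Collapse per-host block entries into the smallest set of networks."""
    by_block = defaultdict(set)
    for addr in addresses:
        ip = ipaddress.IPv4Address(addr)
        # strict=False masks the host bits, giving the enclosing /24
        block = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_block[block].add(ip)

    nets = []
    for block, hosts in by_block.items():
        if len(hosts) >= threshold:
            nets.append(block)  # whole neighborhood blocked
        else:
            nets.extend(ipaddress.ip_network(h) for h in hosts)  # stay /32

    # Merges adjacent networks (two /24s into a /23, and so on upward)
    # and returns them sorted by address.
    return list(ipaddress.collapse_addresses(nets))


def to_rules(nets, chain="INPUT"):
    """Render one iptables append command per network."""
    return [f"iptables -A {chain} -s {n} -j DROP" for n in nets]


if __name__ == "__main__":
    result = consolidate(SAMPLE)
    print(f"{len(SAMPLE)} host entries -> {len(result)} rules")
    for rule in to_rules(result):
        print(rule)
```
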