On 05.03.2010 06:33, netfilter-owner@xxxxxxxxxxxxxxx wrote:
> i m flooding an interface using hping with UDP packets .
>
> I have a rule
>
> iptables -A INPUT -p udp -j DROP
>
> I can see all packets are getting dropped . i can see processor
> utilization is high using "top" command and system becomes slow .
>
> But while flooding , if i add rule
>
> iptables -I INPUT -j ACCEPT .
>
> still packets gets dropped .
>
> But if i stop flooding and start hping again { with same rules } ,
> packets are accepted .
>
> Note : I am working on an embedded enviornement with 128kB of RAM .
>
> any hints is really appreciated .
>
guessing:
could it be you use conntrack, and nf_conntrack_max is reached?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
