On Friday 2012-01-20 21:18, Marcin Mirosław wrote:

> On 2012-01-20 18:05, Jan Engelhardt wrote:
>> geoip uses vmalloc for its huge allocations, so that can't be it. The
>> massive size of skbuff_head_cache would point towards there being a lot
>> of dead skbs being held, which - in my nose - would smell of tarpit. Did
>> you properly feed all packets that you tarpitted also to -j CT --notrack?
>
> Surely I didn't use notrack ;) I have a problem with how to use it; I'd like
> to tarpit packets at the end of INPUT in the filter table, notrack I can use
> only in the raw table.

TARPIT does not have much of a use for random ports without any services
because it is specific to clients sending data. You should use DELUDE at
the end of the chain, also because it does not keep any connections around
like tarpit.
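
The layout discussed in this message, as an added example that is not part of the original mail or of xtables-addons: a shell function that prints an `iptables-restore` ruleset in which one tarpitted service port is matched identically in `raw` (`-j CT --notrack`) and in `filter` (`-j TARPIT`), with `-j DELUDE` as the last INPUT rule. The function name `emit_ruleset`, port 25, the chain policies and the loopback/conntrack accept rules are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never touches the
# running firewall. Port and policies are constructed sample values.

# emit_ruleset PORT
# PORT is the one TCP service port to tarpit; all other TCP gets DELUDE.
emit_ruleset() {
    port=$1
    # Accept only 1 to 5 decimal digits, then range-check 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 1
    fi

    # One match string for both tables, so every packet that reaches TARPIT
    # has already been exempted from connection tracking in raw.
    match="-p tcp --dport $port"

    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING $match -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT $match -j TARPIT
-A INPUT -p tcp -j DELUDE
COMMIT
EOF
}

# Syntax check without committing: emit_ruleset 25 | iptables-restore --test
```

Because the catch-all at the end of INPUT cannot be expressed as a matching rule in `raw`, it uses DELUDE, which keeps no connections around, and TARPIT is confined to a port where clients actually send data.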