LOG target with console=ttyS0,9600

Hi everyone,

We ran into some issues due to what appeared to be a non-rate-limited
LOG target rule on our INPUT chain before the final DROP.  It looks
like that was set up to log to the console... no bueno!

We saw lots of connection and system resource related issues crop
up when that LOG rule started getting hit repeatedly.  A hypothesis
was formed around the idea that iptables was getting backpressure from
klogd due to the slow writes to console.

This idea doesn't sit well with me... I really don't like the idea
that a LOG target rule (albeit configured mindlessly) can have such
catastrophic results.

Does anyone have a moment to speak about what may have happened or to
explain possibly why?

Thanks!
Steve
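
An added example, not part of the original post: a small audit that flags the configuration described above, a LOG rule with no `limit` or `hashlimit` match, in `iptables-save` output. The sample ruleset, the function name `unlimited_log_rules` and the log prefixes are constructed for illustration.

```python
import shlex

# Constructed iptables-save excerpt (not from the original post): the INPUT
# chain ends with a LOG rule followed by the final DROP, as described above.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT drop: " --log-level 4
-A INPUT -j DROP
-A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FWD drop: "
COMMIT
"""

RATE_MATCHES = {"limit", "hashlimit"}  # match modules that cap how often a rule fires


def unlimited_log_rules(ruleset):
    """Return (line_number, chain, rule) for every LOG rule with no rate-limit match."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), start=1):
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT, comments
        tokens = shlex.split(line)  # keeps a quoted --log-prefix value as one token
        target = None
        modules = set()
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-j", "--jump"):
                target = tokens[i + 1]
            elif tok in ("-m", "--match"):
                modules.add(tokens[i + 1])
        if target == "LOG" and not (modules & RATE_MATCHES):
            findings.append((lineno, tokens[1], line))
    return findings


if __name__ == "__main__":
    for lineno, chain, rule in unlimited_log_rules(SAMPLE_RULES):
        print(f"line {lineno}: chain {chain}: LOG without limit/hashlimit: {rule}")
```

A LOG rule that is only reachable through a jump from a rate-limited rule is still flagged, so treat the findings as candidates for review.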