On Thu, 24 Sep 2020 16:17:00 +0530 Jevin Gala <jevin@xxxxxxxxxxxxxxx> wrote:

> Hi,
>
> I couldn't find much information about the limitation on adding number of rules.
>
> I tried adding around 26000 rules and started seeing this message:

6-8 years ago, I discovered that iptables could not reliably add more than 20k-25k rules at a time; a periodic COMMIT (IIRC) every 10k-15k rules would allow me to add hundreds of thousands of rules. So there is or was a limit to iptables' atomicity.

Back then, I was comparing the efficiency of Smoothwall Express' ipbatch program and iptables-restore and needed a million rules to obtain meaningful data; ipbatch was marginally (~5%) more efficient.

N

> Unable to update the kernel. Two possible causes:
> 1. Multiple ebtables programs were executing simultaneously. The ebtables
> userspace tool doesn't by default support multiple ebtables programs running
> concurrently. The ebtables option --concurrent or a tool like flock can be
> used to support concurrent scripts that update the ebtables kernel tables.
> 2. The kernel doesn't support a certain ebtables extension, consider
> recompiling your kernel or insmod the extension.
>
> There is Free RAM while swap is fully used.
> Kernel : 3.10.0-957.5.1.el7.x86_64
> ebtables.x86_64 2.0.10-16.el7
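As an added example, not code from the thread or from N, here is a POSIX shell implementation of the two points raised above: splitting a large iptables-restore load into transactions with a COMMIT every N rules, and serialising the load with flock(1) so two scripts cannot race on the kernel table (the same problem the quoted ebtables message describes, for which ebtables offers --concurrent). The sample rules, the batch size and the lock file path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): emit iptables-restore input
# that COMMITs every BATCH rules, so no single transaction carries tens of
# thousands of rules, and apply it under an flock(1) lock so two scripts
# never race on the kernel table.

# gen_batched_rules TABLE CHAIN BATCH TOTAL
# Prints TOTAL constructed "-A CHAIN -s 10.a.b.c/32 -j DROP" rules in
# iptables-restore syntax, closing the transaction (COMMIT) and reopening
# the "*table" header after every BATCH rules.
gen_batched_rules() {
    table=$1 chain=$2 batch=$3 total=$4
    i=0
    printf '*%s\n' "$table"
    while [ "$i" -lt "$total" ]; do
        # Constructed sample address derived from the counter; a real
        # script would read its blocklist here instead.
        printf '%s -s 10.%d.%d.%d/32 -j DROP\n' "-A $chain" \
            $(( i / 65536 % 256 )) $(( i / 256 % 256 )) $(( i % 256 ))
        i=$(( i + 1 ))
        if [ $(( i % batch )) -eq 0 ] && [ "$i" -lt "$total" ]; then
            printf 'COMMIT\n*%s\n' "$table"
        fi
    done
    printf 'COMMIT\n'
}

# Helpers to inspect the generated stream without touching the kernel.
count_commits() { gen_batched_rules "$@" | grep -c '^COMMIT$'; }
count_rules()   { gen_batched_rules "$@" | grep -c '^-A '; }

# apply_batched_rules TABLE CHAIN BATCH TOTAL
# Feeds the stream to iptables-restore (needs root). -n/--noflush is
# essential: without it each new "*table" block flushes the table and the
# earlier batches are lost. The lock path is an assumption; any path that
# all writers agree on works.
apply_batched_rules() {
    gen_batched_rules "$@" \
        | flock /run/lock/iptables-batch.lock iptables-restore -n
}
```

Run `apply_batched_rules filter INPUT 10000 300000` to load 300k rules in 30 transactions; `count_commits filter INPUT 10000 300000` shows the transaction count without root. The trade-off is the one N names: a batch is atomic, the whole load is not, so a reader between two COMMITs sees a partially loaded table.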