Re: [Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Simon Matter via Shorewall-users
> On Tue, Oct 29, 2019 at 3:17 PM Simon Matter wrote:
>>
>> So you have 4 real cores, not 8. From how I understand it one fully used
>> core (one of the 4) can have a negative impact on its (virtual) sibling.
>
> Yes, but why does the following command have absolutely no negative
> impact on my

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-29 Thread Bill Shirley
I rarely reboot but when I do, I have Shorewall just create an empty ipset from 'init'.  These h@ckorz are going to try again and simply get banned again.  I DROP anything in the ipset at the beginning of the 'rules' file.  This keeps things from getting logged over and over. I find using an i

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-29 Thread Tom Eastep
On 10/29/19 9:54 AM, Tom Eastep wrote:
>> Questions.
>>
>> 1/  When using shorewall-init does shorewall itself have to be running,
>> or is the compiled shorewall rules loaded directly into iptables?
> If you are relying on Shorewall-init to load the ipset during boot, then:
>
> a) shorewall-init

Re: [Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Robert K Coffman Jr. -Info From Data Corp.
Yes, but why does the following command have absolutely no negative impact on my network latency while shorewall reload does? I didn't see the beginning of this thread, but if you have virtualized systems, look beyond CPU on the host. There may be other resources being stressed when you "shor

Re: [Shorewall-users] Advice on shorewall-init and ipsets (fail2ban)

2019-10-29 Thread Tom Eastep
On 10/27/19 2:57 PM, Nigel Aves wrote:
> As a note, I'm a photographer who likes to run their own server for web
> sites / email server, but I am no sys-admin person. I have though been
> using Shorewall for a number of years now.
>
> I've been building a new server to replace my aging server. Cen

Re: [Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Vieri Di Paola
On Tue, Oct 29, 2019 at 3:17 PM Simon Matter wrote:
>
> So you have 4 real cores, not 8. From how I understand it one fully used
> core (one of the 4) can have a negative impact on its (virtual) sibling.

Yes, but why does the following command have absolutely no negative impact on my network late

Re: [Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Simon Matter via Shorewall-users
> Hi,
>
> On Tue, Oct 29, 2019 at 2:54 PM Simon Matter via Shorewall-users wrote:
>>
>> ~1 minute? Do you have an insane number of rules somehow?
>
> Yes.
>
>> One thing I was wondering, are the 8 cores real cores or 4 with HT?
>
> # lscpu
> Architecture: x86_64
> CPU op-mode(s):

Re: [Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Vieri Di Paola
Hi,

On Tue, Oct 29, 2019 at 2:54 PM Simon Matter via Shorewall-users wrote:
>
> ~1 minute? Do you have an insane number of rules somehow?

Yes.

> One thing I was wondering, are the 8 cores real cores or 4 with HT?

# lscpu
Architecture: x86_64
CPU op-mode(s):32-bit, 64-bit
Byte

Re: [Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Simon Matter via Shorewall-users
Hi,

> Hi,
>
> I have a rather busy network, and my ksoftirqd processes are using
> quite a lot of CPU. I'm trying to optimize my NIC settings, but I
> think I can't get any better unless I change hardware.
>
> However, I want to make sure I prioritize CPU power for the ksoftirqd
> processes becaus

[Shorewall-users] preempt and ksoftirqd

2019-10-29 Thread Vieri Di Paola
Hi,

I tried the following for each ksoftirqd PID:

# chrt -f -a -p 99 $pid

"top" now reports that the ksoftirqd priorities are all "rt" (real-time).

I then test-stressed the Shorewall system by running this:

# stress --cpu 8 --timeout 60

This brought all my cores to nearly 100% usage:

PID U