Hi,
I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it doesn't cause the box to drop packets, but obviously it will eventually fill up again. I need help in trying to understand what is happening. I don't have many analysis tools on the box since it runs a minimal linux system (for embedded appliances). But I can look at the shorewall status and try to figure out what's getting hit. The thing is I don't understand very well how to decipher all the shorewall data, and any help would be greatly appreciated. I understand the problem may not be directly related to shorewall, but if shorewall can be used in any way to protect the box from these attacks and not have it continue to fill up its connection table, then that's what I need to do. Thanks in advance for any help. I've attached the shorewall status. Ricardo
sw.status.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
