Author: Eric Dumazet
Date:
To: Peter
CC: 이근수, netfilter-devel
Subject: Re: How many rules were supported iptables?
Peter wrote:
> 이근수 wrote:
>
>> Hi All.
>> I have a question: how many rules does iptables support?
>> The program which I maintain and repair generates iptables rules
>> automatically.
>> Now I encounter this problem.
>> Source and destination IP addresses are written as ranges by the user (ex.
>> 1.1.1.1~1.1.1.10); then our program generates 10 IP addresses (1.1.1.1,
>> 1.1.1.2, 1.1.1.3, ..., 1.1.1.10) and makes 10 iptables rules.
>> Unfortunately, when the user writes an iptables rule like this, 10,000 rules
>> are generated:
>> "iptables -A FORWARD -p tcp -s 1.1.1.1~1.1.1.100 -d
>> 2.2.2.1~2.2.2.100 -j QUEUE"
>> Do 10,000 rules operate safely? Or do some rules not operate normally?
>> If some rules don't operate normally, how many rules does iptables
>> support?
>>
> It's the 4 MB in total size of rules. (This is the maximum size of a
> chunk of data copied from userspace to kernel space in
> one syscall)

Hi Peter,

I was not aware of this 4MB limit.
Could you please tell us where this limit is applied in kernel sources?
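The rule blow-up described in the question, as an added example that is not part of the thread: it expands the "a~b" range notation the way the generator described above does (one rule per source/destination pair, so a 100x100 range yields 10,000 rules) and, for comparison, emits the single equivalent rule using the iptables iprange match, which the thread itself does not mention. The range parsing and the helper names are the example's own assumptions.

```python
import ipaddress
import itertools

def expand_range(spec):
    """Expand 'a.b.c.d~a.b.c.e' (the notation used in the question) into a
    list of individual IPv4 addresses; a bare address is a range of one.
    Unlike the per-octet expansion in the question, this also handles
    ranges that cross an octet boundary (e.g. 10.0.0.254~10.0.1.1)."""
    lo, _, hi = spec.partition("~")
    start = ipaddress.IPv4Address(lo)
    end = ipaddress.IPv4Address(hi or lo)
    if end < start:
        raise ValueError(f"range end before start: {spec}")
    return [str(ipaddress.IPv4Address(a)) for a in range(int(start), int(end) + 1)]

def per_address_rules(src_spec, dst_spec, proto="tcp", target="QUEUE"):
    """One rule per (src, dst) pair: what the generator in the question
    produces. Rule count is len(src range) * len(dst range)."""
    return [f"iptables -A FORWARD -p {proto} -s {s} -d {d} -j {target}"
            for s, d in itertools.product(expand_range(src_spec),
                                          expand_range(dst_spec))]

def iprange_rule(src_spec, dst_spec, proto="tcp", target="QUEUE"):
    """The same policy as a single rule using the iprange match module
    (-m iprange), which takes inclusive 'a-b' ranges directly, so the
    ruleset stays one rule regardless of range size."""
    src = src_spec.replace("~", "-")
    dst = dst_spec.replace("~", "-")
    return (f"iptables -A FORWARD -p {proto} -m iprange --src-range {src} "
            f"--dst-range {dst} -j {target}")

if __name__ == "__main__":
    # Constructed input matching the rule quoted in the question.
    src, dst = "1.1.1.1~1.1.1.100", "2.2.2.1~2.2.2.100"
    print(len(per_address_rules(src, dst)), "expanded rules")
    print(iprange_rule(src, dst))
```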