IPtables hang system when loading over 254 IP Addresses

From: Russell "Elik" Rademacher
Date: Mon Dec 08 2003 - 19:19:39 EST


Hello linux-kernel,

I was wondering if anyone has fixed or knows about the slightly broken issue of loading IPTables with Ingress/Egress filtering on 254 IP addresses or more? It basically locks up the system at the networking level, but everything else works fine.

The reason I'm asking is that I have quite a few servers with 256 to 300 IP addresses on them, mainly for SSL or anonymous access. So...don't flame me for the gross IP misallocation on a single server. :)

Basically, if you know about the APF Firewall script, I use it, and it makes extensive use of IPTables to build complex firewall rules. But when it reaches around 254, it just locks up the network system, rendering the server inaccessible. It makes extensive use of Ingress/Egress, and I have only seen it lock up when I make use of Egress filtering. Ingress works fine up to 400 IP addresses, and I haven't pushed it past that to see how far it can go. But Egress locks it up when combined with Ingress. Dunno about Egress by itself in general. So...anyone might have a clue on this?

This is on 2.4.x series kernel.

--
Best regards,
Russell "Elik" Rademacher
Freelance Remote System Administrator/Tech Support
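To narrow a report like the one above down to a rule count rather than a guess, the following added example (it is not part of the original mail and not APF's own code) generates a per-address ingress/egress ruleset for N addresses as an iptables-restore file. Growing N until the stall appears gives a reproducible threshold, and loading the file with iptables-restore commits the whole set at once instead of invoking iptables once per rule, which is the first thing to try when a long series of individual rule loads misbehaves. The chain names INGRESS/EGRESS, the constructed 10.0.0.0/16 address block and the "accept established inbound, accept outbound from the address" policy are illustrative assumptions, not APF's rules.

```shell
#!/bin/sh
# Added example, not from the original post or the APF script.
# Writes an iptables-restore file with one ingress and one egress rule
# per address so the rule count can be grown until the stall appears,
# and so the set is loaded in one commit rather than one iptables(8)
# call per rule.  Chain names, the constructed 10.0.0.0/16 block and
# the policy are assumptions for illustration only.

# gen_ruleset N OUTFILE: emit rules for N addresses taken from 10.0.0.0/16.
gen_ruleset() {
    n=$1
    out=$2
    i=1
    {
        printf '%s\n' '*filter'
        printf '%s\n' ':INPUT DROP [0:0]'
        printf '%s\n' ':FORWARD DROP [0:0]'
        printf '%s\n' ':OUTPUT DROP [0:0]'
        printf '%s\n' ':INGRESS - [0:0]'
        printf '%s\n' ':EGRESS - [0:0]'
        # Hand every packet to the per-address chains.
        printf '%s\n' '-A INPUT -j INGRESS'
        printf '%s\n' '-A OUTPUT -j EGRESS'
        while [ "$i" -le "$n" ]; do
            # Constructed address: 10.0.<i/256>.<i%256>, one per loop turn.
            addr="10.0.$((i / 256)).$((i % 256))"
            # Ingress: only established/related traffic reaches this address.
            printf '%s\n' "-A INGRESS -d $addr -m state --state ESTABLISHED,RELATED -j ACCEPT"
            # Egress: this address may originate traffic.
            printf '%s\n' "-A EGRESS -s $addr -j ACCEPT"
            i=$((i + 1))
        done
        printf '%s\n' 'COMMIT'
    } > "$out"
}

# count_rules FILE: number of -A rule lines, to relate set size to the
# point at which networking stalls.
count_rules() {
    grep -c '^-A ' "$1"
}

# Standalone use: build a 300-address set and report its rule count.
# Loading it on a test box (as root): iptables-restore < /tmp/ruleset.txt
if [ "${1:-}" = "run" ]; then
    gen_ruleset 300 /tmp/ruleset.txt
    count_rules /tmp/ruleset.txt
fi
```

Run it as `sh gen_ruleset.sh run` to produce `/tmp/ruleset.txt`; bisect on N (for example 200, 254, 300) while watching whether the box stays reachable after each load, and note whether the stall tracks the egress rule count or the total, since the mail reports ingress alone working well past the threshold.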

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/