Re: Occasionally iptables blocks simply stop working [message #53742 is a reply to message #53614]
Fri, 02 April 2021 00:13
wsap
Messages: 70 Registered: March 2018 Location: Halifax, NS
Member
I believe I've found the solution to this. Unfortunately, I don't know exactly which setting resolved it, and it's a bit perplexing that this would be necessary. Here's everything that was last changed; it's entirely container config values:
PHYSPAGES="3130368:3130368"
SWAPPAGES="0:1048576"
KMEMSIZE="3G:4G"
LOCKEDPAGES="256M"
PRIVVMPAGES="unlimited"
SHMPAGES="unlimited"
NUMPROC="unlimited"
VMGUARPAGES="0:unlimited"
OOMGUARPAGES="0:unlimited"
NUMTCPSOCK="unlimited"
NUMFLOCK="unlimited"
NUMPTY="unlimited"
NUMSIGINFO="unlimited"
TCPSNDBUF="unlimited"
TCPRCVBUF="unlimited"
OTHERSOCKBUF="unlimited"
DGRAMRCVBUF="unlimited"
NUMOTHERSOCK="unlimited"
DCACHESIZE="unlimited"
NUMFILE="unlimited"
NUMIPTENT="unlimited"
The astounding part is that the values previously were all numeric equivalents of 'unlimited' (massive INT values), which makes me wonder if perhaps that older notation no longer works properly. They were all set as such because the container was migrated from a vz6 node using the ovzmigrate script.
The most likely possibilities are in the TCP*, NUMIPTENT, NUMTCPSOCK changes. However, again, these were changed from massive values to 'unlimited', which in real-world usage should have meant the same thing, yet they didn't.
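Added example, not part of the original post and not OpenVZ project code: a shell check that lists the parameters in a container config that still carry a numeric stand-in for 'unlimited', the notation the post above describes replacing. It assumes those stand-ins are the LONG_MAX values 9223372036854775807 or 2147483647; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: find resource parameters in an OpenVZ container config whose
# barrier or limit is written as a huge integer instead of "unlimited".
# Assumption: the numeric stand-ins are LONG_MAX (64-bit or 32-bit).

find_numeric_unlimited() {
    # Reads KEY="barrier[:limit]" lines on stdin.
    # Prints "KEY value" for every parameter with a numeric stand-in.
    awk -F= '
        /^[[:space:]]*#/ { next }          # skip comment lines
        /^[A-Z_]+=/ {
            key = $1
            val = $2
            gsub(/"/, "", val)             # drop the surrounding quotes
            n = split(val, parts, ":")     # barrier and optional limit
            for (i = 1; i <= n; i++) {
                p = parts[i] ""            # force string comparison
                if (p == "9223372036854775807" || p == "2147483647") {
                    print key, val
                    break
                }
            }
        }
    '
}

# Constructed sample config, mixing both notations.
sample_config() {
cat <<'EOF'
# constructed sample, not taken from a real container
PHYSPAGES="3130368:3130368"
KMEMSIZE="3G:4G"
NUMIPTENT="9223372036854775807"
NUMTCPSOCK="9223372036854775807:9223372036854775807"
TCPSNDBUF="unlimited"
NUMFILE="2147483647"
EOF
}

sample_config | find_numeric_unlimited
```

To check a real container, pipe its config file into `find_numeric_unlimited` instead of the sample.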