OpenVZ Forum


Re: Occasionally iptables blocks simply stop working [message #53742 is a reply to message #53614] Fri, 02 April 2021 00:13
wsap
I believe I've found the solution to this. Unfortunately, I don't know exactly which setting resolved it, and it's a bit perplexing that this would be necessary. Here's everything that was last changed; it's entirely container config values:

PHYSPAGES="3130368:3130368"
SWAPPAGES="0:1048576"
KMEMSIZE="3G:4G"
LOCKEDPAGES="256M"
PRIVVMPAGES="unlimited"
SHMPAGES="unlimited"
NUMPROC="unlimited"
VMGUARPAGES="0:unlimited"
OOMGUARPAGES="0:unlimited"
NUMTCPSOCK="unlimited"
NUMFLOCK="unlimited"
NUMPTY="unlimited"
NUMSIGINFO="unlimited"
TCPSNDBUF="unlimited"
TCPRCVBUF="unlimited"
OTHERSOCKBUF="unlimited"
DGRAMRCVBUF="unlimited"
NUMOTHERSOCK="unlimited"
DCACHESIZE="unlimited"
NUMFILE="unlimited"
NUMIPTENT="unlimited"


The astounding part is that the values previously were all numeric equivalents of 'unlimited' (massive INT values), which makes me wonder if perhaps that older notation no longer works properly. They were all set as such because the container was migrated from a vz6 node using the ovzmigrate script.

The most likely possibilities are in the TCP*, NUMIPTENT, NUMTCPSOCK changes. However, again, these were changed from massive values to 'unlimited', which in real-world usage should have meant the same thing, yet they didn't.
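
Added example, not part of the original post: a small Python check that compares a container config against a subset of the values posted above and lists every parameter that is missing or still written differently, such as a large numeric literal where the post has 'unlimited'. The sample config is constructed, and the function names, the byte-multiple reading of the K/M/G/T suffixes, and the treatment of a single value as barrier and limit alike are assumptions of this sketch (page-count parameters are left out for that reason).

```python
import re

# Subset of the values posted above: the suspected parameters plus KMEMSIZE.
POSTED = {
    "KMEMSIZE": "3G:4G", "NUMTCPSOCK": "unlimited", "TCPSNDBUF": "unlimited",
    "TCPRCVBUF": "unlimited", "NUMIPTENT": "unlimited",
}
# Assumption: suffixes are binary byte multiples.
SUFFIX = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30, "T": 1 << 40}
LINE = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"?([^"#]*)"?\s*(?:#.*)?$')

# Constructed sample of a migrated container config (not taken from the post).
SAMPLE = """\
# limits written by a migration script
KMEMSIZE="3221225472:4G"
NUMTCPSOCK="9223372036854775807:9223372036854775807"
TCPSNDBUF="unlimited:unlimited"
NUMIPTENT="9223372036854775807"
"""

def parse_amount(text):
    """Return None for 'unlimited', otherwise the amount as an int."""
    m = re.fullmatch(r"(unlimited)|(\d+)([KMGT]?)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised amount: {text!r}")
    return None if m.group(1) else int(m.group(2)) * SUFFIX[m.group(3).upper()]

def parse_pair(value):
    """Parse 'barrier:limit'; a single value is assumed to set both."""
    parts = value.split(":")
    if len(parts) > 2:
        raise ValueError(f"expected barrier[:limit], got {value!r}")
    return parse_amount(parts[0]), parse_amount(parts[-1])

def parse_conf(text):
    """Map KEY -> raw value string for every KEY="value" line; skip the rest."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def differences(conf_text, reference=POSTED):
    """List (key, found, posted) for keys that are missing or parse differently."""
    conf = parse_conf(conf_text)
    return [(k, conf.get(k), want) for k, want in reference.items()
            if k not in conf or parse_pair(conf[k]) != parse_pair(want)]

if __name__ == "__main__":
    for key, found, posted in differences(SAMPLE):
        print(f"{key}: found {found or 'not set'}, post has {posted}")
```

Equivalent spellings such as `3221225472` and `3G` are not reported, so the output is limited to parameters whose limits actually differ from the posted ones.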
 