6,534
edits
Changes
m
Please visit my == numiptent ==The number of NETFILTER (IP packet filtering) entries.
of applications in the given container only.
The <code>barrier</code> should be set equal to the <code>limit</code>.
There is a restriction on the total number of <code>numiptent</code>.
It depends on the amount of other allocations in so called “vmalloc”
memory area and constitutes about <code>250000</code> entries.
Violation of this restriction may cause failures of operations with
IP packet filter tables (execution of <code>iptables(8)</code>)
in any container or the host system,
or failures of container starts.
Also, large <code>numiptent</code> cause considerable slowdown of processingof network packets. It is not recommended to allow containers Regardsto create more than 200–300 <code>numiptent</code>.
== swappages ==
