Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision |
Your text |
Line 170: |
Line 170: |
| of applications in the given container only. | | of applications in the given container only. |
| | | |
− | == numiptent ==
| + | Please visit my |
− | The number of NETFILTER (IP packet filtering) entries.
| |
| | | |
− | The <code>barrier</code> should be set equal to the <code>limit</code>.
| |
− | There is a restriction on the total number of <code>numiptent</code>.
| |
− | It depends on the amount of other allocations in so called “vmalloc”
| |
− | memory area and constitutes about <code>250000</code> entries.
| |
− | Violation of this restriction may cause failures of operations with
| |
− | IP packet filter tables (execution of <code>iptables(8)</code>)
| |
− | in any container or the host system,
| |
− | or failures of container starts.
| |
| | | |
− | Also, large <code>numiptent</code> cause considerable slowdown of processing
| + | |
− | of network packets. It is not recommended to allow containers
| + | |
− | to create more than 200–300 <code>numiptent</code>.
| + | |
| + | |
| + | |
| + | |
| + | |
| + | |
| + | Regards |
| | | |
| == swappages == | | == swappages == |