Regarding the memory limitation starting with beta 4 as mentioned here... what are some recommended ways to reduce memory usage? I'm having a problem where a user got infected by a virus, and is opening thousands of random connections to port 25, which crashes the router.
(Besides upgrading the router to one with more memory.)
Memory limitation
Moderator: Moderators
Re: Memory limitation
I'm not sure about the best way to fix the memory issue. There aren't one or two applications that are clearly sucking up all the memory.
However, the best way to deal with a port being flooded, as you describe, may be to limit the number of connections allowed per minute using iptables. Unfortunately you can't (at least not yet) do this via the web interface, but it's pretty easy if you just ssh in.
Once you ssh in, try running the following, which will add a rule to iptables to limit new port 25 connections to 10/minute
However, the best way to deal with a port being flooded, as you describe, may be to limit the number of connections allowed per minute using iptables. Unfortunately you can't (at least not yet) do this via the web interface, but it's pretty easy if you just ssh in.
Once you ssh in, try running the following, which will add a rule to iptables to limit new port 25 connections to 10/minute
Code: Select all
iptables -N limit25
iptables -I FORWARD -j limit25
iptables -I INPUT -j limit25
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -m limit --limit 10/minute --limit-burst 10 -j RETURN
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -j DROP
Re: Memory limitation
I tried iptables-save but this script doesn't exist even I tried to save the changes on /etc/rc.d/ but I couldn't find the proper file.
Am i going to lose it after reboot? How to save it?
Am i going to lose it after reboot? How to save it?
Re: Memory limitation
Put the iptables rules in a file called /etc/firewall.user
Then add the following lines to the end of /etc/config/firewall:
Then add the following lines to the end of /etc/config/firewall:
Code: Select all
config 'include'
option 'path' '/etc/firewall.user'