Memory limitation

FRiC
Posts: 62
Joined: Sat Sep 27, 2008 8:03 am
Memory limitation

Post by FRiC »

Regarding the memory limitation starting with beta 4 as mentioned here... what are some recommended ways to reduce memory usage? I'm having a problem where a user got infected by a virus, and is opening thousands of random connections to port 25, which crashes the router. :cry:

(Besides upgrading the router to one with more memory.) :mrgreen:

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Memory limitation

Post by Eric »

I'm not sure about the best way to fix the memory issue. There aren't one or two applications that are clearly sucking up all the memory.

However, the best way to deal with a port being flooded, as you describe, may be to limit the number of connections allowed per minute using iptables. Unfortunately you can't (at least not yet) do this via the web interface, but it's pretty easy if you just ssh in.

Once you ssh in, try running the following, which will add a rule to iptables to limit new port 25 connections to 10/minute:

iptables -N limit25
iptables -I FORWARD -j limit25
iptables -I INPUT -j limit25
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -m limit --limit 10/minute --limit-burst 10 -j RETURN
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -j DROP

ynagy
Posts: 4
Joined: Sun Mar 22, 2009 9:34 am

Re: Memory limitation

Post by ynagy »

I tried iptables-save, but this script doesn't exist. I even tried to save the changes in /etc/rc.d/, but I couldn't find the proper file.
Am I going to lose it after reboot? How do I save it?

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Memory limitation

Post by Eric »

Put the iptables rules in a file called /etc/firewall.user

Then add the following lines to the end of /etc/config/firewall:

config 'include'
	option 'path' '/etc/firewall.user'
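
Added example, not part of the thread or of Gargoyle itself: a shell helper that combines the two steps above, appending the port 25 rules to /etc/firewall.user and adding the include stanza to /etc/config/firewall, each only once. The function names and the optional path arguments (for trying it on a scratch copy first) are assumptions; the -D/-I pairs and the chain flush are added so that re-running the file does not stack duplicate rules.

```shell
#!/bin/sh
# Added example: persist the limit25 rules from the thread across reboots.
# Function names and the overridable paths are assumptions for illustration.

write_rules() {    # $1 = firewall.user file to append the rules to
    # Leave the file alone if the limit25 rules are already in it.
    if grep -q 'limit25' "$1" 2>/dev/null; then
        return 0
    fi
    cat >> "$1" <<'EOF'
# Limit new tcp/25 connections to 10 per minute (all clients combined).
# Create the chain, or flush it if it is already there.
iptables -N limit25 2>/dev/null || iptables -F limit25
# Remove any earlier jump before inserting, so jumps are not duplicated.
iptables -D FORWARD -j limit25 2>/dev/null
iptables -I FORWARD -j limit25
iptables -D INPUT -j limit25 2>/dev/null
iptables -I INPUT -j limit25
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -m limit --limit 10/minute --limit-burst 10 -j RETURN
iptables -A limit25 -p tcp --dport 25 -m state --state NEW -j DROP
EOF
}

ensure_include() { # $1 = firewall config file, $2 = path to include
    # If the path is already mentioned in the config, assume it is included.
    if grep -qF "$2" "$1" 2>/dev/null; then
        return 0
    fi
    printf "\nconfig 'include'\n\toption 'path' '%s'\n" "$2" >> "$1"
}

persist_limit25() { # optional: $1 = rules file, $2 = firewall config
    fw_user=${1:-/etc/firewall.user}
    fw_config=${2:-/etc/config/firewall}
    write_rules "$fw_user" && ensure_include "$fw_config" "$fw_user"
}

# On the router, after checking the result on a scratch copy:
#   persist_limit25
```
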