Martijn
Advisor

Accelerated Drop Rules feature 'sim dropcfg'

Hi All,

On an R80.10 gateway with jumbo take 272 I am testing the Accelerated Drop Rules feature from sk67861. I have created a file with IP addresses, but get an error when importing this file.

ioctl to the SecureXL device failed (rc=-1, errno=12)
ioctl failed

The file contains 6694 entries, so maybe this is above some kind of limit. So I created a file with only one IP-address and this seems to work:

[Expert@FW:0]# sim dropcfg -f test
Drop rules (Match after conn lookup):
Enforced on all interfaces
Source Destination DPort PR
------------------ ------------------ ----- ---
1.1.1.1/32 * * *

Are you sure you want to continue (Y/N) ?
y
drop entries configured successfully

But when I check to see if everything is OK, I get the following error:

[Expert@FW:0]# sim dropcfg -l
ioctl getdropcfg#1 failed

Has anyone used this function before with success? Does anyone know what those errors mean? Is there a limit for the number of entries in the file?

Best regards, Martijn

 

 

 
