This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-08-03 07:54 AM
In response to Alex-

I would bump it to 250k or more. The point of the hard connections table limit is to protect other VSs on the system from resource exhaustion attacks against one VS. That is, if someone tries to fill up the connections table of your Internet VS, they won't also take down your interior VSs or the VS handling a second Internet connection. Ever since R67 (the first version to move to the 2.6 kernel), the connections table has been able to use many gigabytes of space, so the practical limit for the whole box is generally in the tens of millions of connections.

Unless you're running a hundred VSs on a box, or you're running with very little RAM, tiny tables don't protect you from anything. Instead, they just shoot you in the foot like this over and over as load increases.

View solution in original post

(1)
Who rated this post