GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » Product Feedback » Kerio Control Feedback » NFQUEUQ LIMIT (nf_queue: full at 1024 entries, dropping packets(s))
dialog-warning.png  NFQUEUQ LIMIT [message #147647] Thu, 27 February 2020 12:15 Go to next message
eshkhmed
Messages: 4
Registered: December 2018
To avoid dropping packets by kernel on high load (debug messages like nf_queue: full at 1024 entries, dropping packets(s)) please increase parameter NFQNL_QMAX_DEFAULT from 1024 to 8192!!
This parameter defined in file net/netfilter/nfnetlink_queue_core.c of linux kernel source, that using kerio control.

Report message to a moderator

Re: NFQUEUQ LIMIT [message #148389 is a reply to message #147647] Sat, 04 July 2020 00:30 Go to previous message
CristianoIera is currently offline  CristianoIera
Messages: 5
Registered: February 2014
Nice idea.
The kerio control engine is too sensible to DDOS attacks, it doesn't detect and close correctly the half-open connections in a DDOS attack. It's really easy to make it unresponsive also with a badwidth of 200Mbits only (xeon, 8GB, 6 core).

Report message to a moderator

Previous Topic: High Availability - Matching Interface Restrictions
Next Topic: Time ranges for Wifi Interfaces
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Mon Sep 25 02:52:25 CEST 2023

Total time taken to generate the page: 0.04291 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software