LinuxQuestions.org
Forum: Linux - Software
#1  dasbooter (Member), 06-25-2005, 10:28 AM
linblock and iptables, iptables: too many links


Hello to all those kind enough to check this post out,

I have just got linblock up and running, but I have a few problems.

1) It takes a long time for linblock to add the rules *after* they are downloaded and parsed, probably something in the area of about 45 minutes, I think.
I am wondering if this is normal. System specs: P3 667 overclocked to 710 MHz, 256 MB of RAM, in an Asus P3V4X motherboard.

2) It is hard to tell if all these rules are slowing down my machine, but I thought that I would take the author's suggestion found here http://dessent.net/linblock/ and do
Code:
iptables -R INPUT 1 -m state --state NEW,RELATED -j antip2p
which seemed to help.

Unfortunately, when the linblock script is rerun under a cron job (45 minutes at 99% CPU load warrants a cron job in my books for sure) it gives an error:
Error: Couldn't remove chain antip2p from INPUT chain. I have tried flushing the rules for this chain and deleting the chain with:
Code:
iptables -F antip2p
and then
Code:
iptables -X antip2p
but iptables returns: iptables: too many links ?

Everything works fine if I don't run
Code:
iptables -R INPUT 1 -m state --state NEW,RELATED -j antip2p
Any ideas, folks?
 
#2  dasbooter (Member, Original Poster), 06-27-2005, 02:47 PM
bumperama, bumpenstein, bumpzilla...
Hellooo, anybody out there?

Perhaps I should try a different section of this forum?
 
#3  Matir (LQ Guru), 06-27-2005, 03:00 PM
How many rules are being inserted by linblock?

Also, the error is probably because the rule you specified links to the one to be deleted.
 
#4  dasbooter (Member, Original Poster), 06-28-2005, 12:58 PM
Question:
Quote:
Originally posted by Matir
How many rules are being inserted by linblock?
Answer:
There can be thousands of drop rules, one for each IP that is to be blocked. Linblock parses a file downloaded from Bluetack (which typically has thousands of entries, I think), then enters these rules into iptables with Perl. Is there a limitation to the number of rules?

Quote:
Originally posted by Matir
Also, the error is probably because the rule you specified links to the one to be deleted.
Hmmmm, well, I have cheated with iptables using the nice SuSEfirewall2 wrapper so far, so my knowledge is limited, but if I understand you correctly then flushing the rules for that chain, which I did before deleting that chain, should fix the problem, shouldn't it?

Do you use linblock, Matir?

P.S. Thanks for answering; I swear I could hear the crickets chirping at night when I asked this particular question.
 
#5  Matir (LQ Guru), 06-28-2005, 01:19 PM
I do not use linblock, but I have just looked at the source of it.

If the linblock system actually adds an iptables rule for each IP, and it's thousands of rules, it could take a bit of time to insert. Keep in mind EVERY packet your system handles will need to be examined by each rule, until it reaches a 'terminating condition'... this can increase network latency.

Anyway, the other error is in the case that there are still rules pointing to the antip2p chain... not that there are rules in it.
 
#6  dasbooter (Member, Original Poster), 06-30-2005, 11:53 PM
Quote:
Originally posted by Matir
Anyway, the other error is in the case that there are still rules pointing to the antip2p chain... not that there are rules in it.
I guess maybe it would be better to ask how I could fix this, and the answer might be a good way of explaining. I have an ugly workaround in place for this problem right now.

Oh, and the impact on the network can be reduced if you are running a stateful firewall and do
Code:
iptables -R INPUT 1 -m state --state NEW,RELATED -j antip2p
Unfortunately, I have not been able to issue this command in a cron job, and I get this mail from cron:
From: rootatfatmansite (Cron Daemon)
To: rootatfatmansite
Subject: Cron <rootatfatman> iptables -R INPUT 1 -m state --state NEW,RELATED -j antip2p
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Message-Id: <20050630051502.F22EC12B4F@fatman.site>
Date: Thu, 30 Jun 2005 00:15:02 -0500 (CDT)

/bin/sh: iptables: command not found

I am sure iptables is in root's path. Do I have to call iptables like this, /somepath/iptables? Because I cannot seem to find where it resides.

Thanks again.
 
#7  Matir (LQ Guru), 07-01-2005, 08:45 AM
Clearly, the path during cron is /usr/bin:/bin (marked in the email). iptables is usually /sbin/iptables. As root, run 'which iptables' to confirm this.
 
#8  dasbooter (Member, Original Poster), 07-01-2005, 02:22 PM
Quote:
Originally posted by Matir
Clearly, the path during cron is /usr/bin:/bin (marked in the email). iptables is usually /sbin/iptables. As root, run 'which iptables' to confirm this.
Uhmm, yes, I found iptables with 'locate iptables'. Not sure where you are going with the cron thing though; I didn't ask where cron was. I think I was up too late the first time I was looking for iptables and missed it with my tired eyes; 'which iptables' was a better option.

Still, the question of how to correct the "iptables: too many links" problem is open:
Quote:
Originally posted by dasbooter
I guess maybe it would be better to ask how I could fix this, and the answer might be a good way of explaining. I have an ugly workaround in place for this problem right now.
 
#9  Matir (LQ Guru), 07-01-2005, 02:30 PM
You cannot have ANY rules which contain '-j CHAINTODELETE' when you are deleting a chain. You must delete the 'iptables -R INPUT 1 -m state --state NEW,RELATED -j antip2p' rule BEFORE deleting the antip2p chain.
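
The teardown order Matir describes in the post above (delete every rule that jumps to the chain, flush the chain, then delete it), written out as an added shell example. This is not code from the thread or from linblock. It works on a constructed `iptables -S` dump rather than a live ruleset, so it runs offline and without root, and it only prints the commands; the path /sbin/iptables is an assumption taken from Matir's "usually /sbin/iptables" and can be overridden with the IPTABLES environment variable, which also sidesteps the cron PATH problem from post #6.

```shell
#!/bin/sh
# Added example (not code from the thread or from linblock). Shows the order
# iptables requires when deleting a user-defined chain: first delete every
# rule that jumps to it (-D), then flush it (-F), then delete it (-X).
# Running -X while a jump still exists gives "iptables: too many links".

# iptables is usually /sbin/iptables, which is not in cron's default PATH of
# /usr/bin:/bin. The absolute path is an assumption; override with $IPTABLES.
IPT=${IPTABLES:-/sbin/iptables}

# Constructed `iptables -S` output standing in for a live ruleset, so the
# example runs offline and without root. Two chains jump to antip2p.
SAMPLE_DUMP='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N antip2p
-A INPUT -m state --state NEW,RELATED -j antip2p
-A INPUT -i lo -j ACCEPT
-A FORWARD -m state --state NEW -j antip2p
-A antip2p -s 192.0.2.10/32 -j DROP
-A antip2p -s 198.51.100.0/24 -j DROP'

# jumps_to_chain DUMP CHAIN: print one "-D <rule>" line for every rule in the
# dump whose target (-j) is CHAIN. These are the "links" that block -X; the
# rules inside CHAIN itself (-A CHAIN ...) are not links and are handled by -F.
jumps_to_chain() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == "-A" {
            for (i = 2; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == chain) { $1 = "-D"; print; break }
            }
        }'
}

# teardown_plan DUMP CHAIN: print the full command sequence in the required
# order. Pipe the output to `sh` as root to apply it; nothing here touches
# the kernel, so a mistake costs nothing until you choose to run it.
teardown_plan() {
    jumps_to_chain "$1" "$2" | sed "s|^|$IPT |"
    echo "$IPT -F $2"
    echo "$IPT -X $2"
}

# Stand-alone run: print the plan for the constructed ruleset. Against a live
# system you would pass "$("$IPT" -S)" instead of "$SAMPLE_DUMP".
teardown_plan "$SAMPLE_DUMP" antip2p
```

Because the dump is scanned for every chain, not just INPUT, a jump left behind in FORWARD (or any other chain) is found and deleted too, which is what you want before a cron-driven rebuild.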