| 1 |
Thanks again for the quick reply! It'll be interesting to compare |
| 2 |
configs. I have begun the "boolean reduction compilation" process: |
| 3 |
deactivating half of the grsec/pax stuff; testing; reactivating that |
| 4 |
half and deactivating the remaining half; etc. :-( |
| 5 |
|
| 6 |
Also looking at 2.6.21 ...... |
| 7 |
|
| 8 |
Could you also attach your iptables rules? I presume you're doing a |
| 9 |
pretty straight forward FW (e.g. allow outgoing; drop or block |
| 10 |
incoming; check for tcp flags; log martians; etc.) |
| 11 |
|
| 12 |
|
| 13 |
On 5/2/07, Caleb Cushing <xenoterracide@×××××.com> wrote: |
| 14 |
> |
| 15 |
> I've attached the config, and I haven't noticed any issues with slowness |
| 16 |
> I'm running 2.6.20 on 3 boxes, but not hardened. so it could be a hardened |
| 17 |
> patch. I just know iptables had major changes. |
| 18 |
> |
| 19 |
> On 5/2/07, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote: |
| 20 |
> > |
| 21 |
> > Thank You!! for the quick response. |
| 22 |
> > |
| 23 |
> > Yes.... please do let me see your config file. I've been thinking of |
| 24 |
> > doing this for a while, and now is a good time. |
| 25 |
> > |
| 26 |
> > Are you running 2.6.20x? If yes, is it as responsive as '18x ? |
| 27 |
> > |
| 28 |
> > TIA |
| 29 |
> > |
| 30 |
> > On 5/1/07, Caleb Cushing < xenoterracide@×××××.com> wrote: |
| 31 |
> > > |
| 32 |
> > > don't know about being slow but iptables had major changes in 2.6.20.xso you probably will have to go through those manually. I can give you my |
| 33 |
> > > config for iptables if you need help getting it working. |
| 34 |
> > > |
| 35 |
> > > On 5/1/07, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote: |
| 36 |
> > > > |
| 37 |
> > > > Just installed 2.6.20-r2, and find it particularly slow - slow to |
| 38 |
> > > > boot, slow to operate (high cpu), while 2.6.18-r6 is quick, with low |
| 39 |
> > > > cpu useage. |
| 40 |
> > > > |
| 41 |
> > > > Any ideas, please? (e.g. there was a configuration option a few |
| 42 |
> > > > releases ago that snuck in and slowed things down; I've forgotten which it |
| 43 |
> > > > was :-( ) |
| 44 |
> > > > |
| 45 |
> > > > (Same kernel configurations; had to update udev from 104-r12 to |
| 46 |
> > > > 109-r1 to keep from crashing during the boot process; replaced firehol with |
| 47 |
> > > > shorewall 3.4.2, which works on 2.6.18-r6 just fine, but fails on |
| 48 |
> > > > 2.6.20-r2 . Did not upgrade gradm, as it's likely I'll stay with |
| 49 |
> > > > '18) |
| 50 |
> > > > |
| 51 |
> > > > TIA |
| 52 |
> > > > |
| 53 |
> > > |
| 54 |
> > > |
| 55 |
> > > |
| 56 |
> > > -- |
| 57 |
> > > Caleb Cushing |
| 58 |
> > |
| 59 |
> > |
| 60 |
> > |
| 61 |
> |
| 62 |
> |
| 63 |
> -- |
| 64 |
> Caleb Cushing |
| 65 |
> |
Archives