Search Results

Search found 3 results on 1 pages for 'twirrim'.

Page 1/1 | 1 

• baffling stat pauses - (reiserfs)

  - by Twirrim

  I've got a SuSE server with reiserfs formatted partitions, all on a RAID1 mirror. I'm noticing odd spikes in iowait, but generally all seems okay. iostat claims not even 3% iowait in general: avg-cpu: %user %nice %system %iowait %steal %idle 6.53 0.03 1.45 2.92 0.00 89.07 After tracking down some odd behaviour when ls'ing, it appears "stat" (ls is aliased to include color which does a stat process on each file) randomly takes 5 seconds on a file in the directory. ReiserFS does a file system sync every 5 seconds, but that's interval between not length of time taken to sync. Out of curiosity I did remount using noatime to see if that would help though as it would reduce sync's workload, but no joy. Anyone got any thoughts what might be causing this pause? Disks appear healthy, RAID controller believes the RAID is healthy, and io stats show the disks aren't working very hard at all.

  Read the article

• iptables, blocking large numbers of IP Addresses

  - by Twirrim

  I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

  Read the article

• iptables, blocking large numbers of IP Addresses

  - by Twirrim

  I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

  Read the article

1