Page 1 of 1

firewalld - problem with ipset

Posted: 2020/06/26 10:39:44
by mghe
Dear Team,

Today i notice problem with firewall. I use firewalld.

Firewall can't reload, error below:

Code: Select all

...
ipset v7.1: Error in line 200003: Hash is full, cannot add more elements
...
'/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed
...
I can't mange it, so finally just removed all ipsets and firewalld works fine.

Do you have idea where was a problem?


Kind regards,
M.

Re: firewalld - problem with ipset

Posted: 2020/06/26 10:54:43
by TrevorH
ipset v7.1: Error in line 200003: Hash is full, cannot add more elements
ipsets are created with a size so you need to adjust it. The man page says:

Code: Select all

   hashsize
       This  parameter  is  valid for the create command of all hash type sets.  It defines the initial hash size for the set, default is
       1024. The hash size must be a power of two, the kernel automatically rounds up non power of two hash sizes to  the  first  correct
       value.  Example:

              ipset create test hash:ip hashsize 1536