firewalld - problem with ipset

Support for security such as Firewalls and securing linux
Post Reply
mghe
Posts: 757
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

firewalld - problem with ipset

Post by mghe » 2020/06/26 10:39:44

Dear Team,

Today i notice problem with firewall. I use firewalld.

Firewall can't reload, error below:

Code: Select all

...
ipset v7.1: Error in line 200003: Hash is full, cannot add more elements
...
'/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed
...
I can't mange it, so finally just removed all ipsets and firewalld works fine.

Do you have idea where was a problem?


Kind regards,
M.

User avatar
TrevorH
Forum Moderator
Posts: 29071
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: firewalld - problem with ipset

Post by TrevorH » 2020/06/26 10:54:43

ipset v7.1: Error in line 200003: Hash is full, cannot add more elements
ipsets are created with a size so you need to adjust it. The man page says:

Code: Select all

   hashsize
       This  parameter  is  valid for the create command of all hash type sets.  It defines the initial hash size for the set, default is
       1024. The hash size must be a power of two, the kernel automatically rounds up non power of two hash sizes to  the  first  correct
       value.  Example:

              ipset create test hash:ip hashsize 1536
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - Security Support”