Search results

The simplest solution is this: iptables -A FORWARD -m physdev --physdev-out bond0.+ -p tcp -m tcp --syn --dport 25 -m hashlimit --hashlimit-above 10/min --hashlimit-mode srcip --hashlimit-name smtp-limit -j DROP Not perfect, but stops the massive spam. Replace bond0 with your physical...

Edit /etc/rc.d/rc.sysinit and comment out the line that says: /sbin/start_udev and reboot This fixed it for me

They are very usefull, as i don't need to write my own graphing system :) Will open a bug report now.

Hello I'm getting the following error on proxmox 5, when trying to access rrd. pvesh get /nodes/jx213-s20/lxc/105/rrd -ds cpu -timeframe day RRD error: Could not save png to '' It's working well on proxmox 4. I've just dist-upgrade today, but did not solve the issue. Anyone's got an idea?

Hello I've seen some vulnerabilities in qemu-kvm, that were recently patched. For ex, CVE-2017-7980 In the redhat announcements, i saw they require a stop of all VMs for the update to take effect. Do we need to follow the same procedure when proxmox updates the qemu? Or it's patched in...

Thank you for the answer!

Thank you very much!

Hello Is there any way to filter the ARP replies? Ex: 09:45:12.141931 ARP, Reply xx.xx.xx.xxis-at b2:cb:9f:21:38:a8, length 46 I've had today a customer attempting to use another user's IP. The firewall blocked tcp/udp etc, but he still managed to answer ARP requests making the other...

Would a lxc container be able to use 1 single pid with many threads (bypassing the max-pids limit)?

Thank you for the answer. I mean the number of threads a process/pid can spawn. Similar with /proc/sys/kernel/threads-max but per container.

Is there a way to limit the number of process threads per LXC container?

Try 200 as a test.

Have you tried a lower max-pid?

Very hard. 1. The solution is to be connected on the node, and when the first nmi_watchdog error apears (usualy by KVM), to copy the PID from it and check /proc/PID/cgroup to see to which container it belongs before the node dies. It's not 100% foolproof, but in most cases it provides the real...

I've set 500 by default, 3k seems very large for a container (personal opinion) But i had some containers that were able to crash the node with the nmi watchdog issue, with more than 150pids. I've limited 2-3 such containers manually to 150. Since i've set it to 500, i've had the nmiwatchdog...

For me, no. The only solution that worked for me was limiting the pids per container.

This is the output: root@dx411-s19:~# pveversion -V proxmox-ve: 4.4-86 (running kernel: 4.4.40-1-pve) pve-manager: 4.4-13 (running version: 4.4-13/7ea56165) pve-kernel-4.4.35-1-pve: 4.4.35-77 pve-kernel-4.4.35-2-pve: 4.4.35-79 pve-kernel-4.4.49-1-pve: 4.4.49-86 pve-kernel-4.4.40-1-pve...

Weirdly, if i start it using lxc-start -n ID it starts. However, pct fails: Job for lxc@1000000.service failed. See 'systemctl status lxc@1000000.service' and 'journalctl -xn' for details. root@dx411-s19:/etc/pve/lxc# systemctl status lxc@1000000.service â lxc@1000000.service - LXC Container...

On one of my nodes, i'm unable to start few containers (that used to work). The logs show: lxc-start 20170413215245.766 ERROR lxc_conf - conf.c:send_fd:3794 - Too many references: cannot splice - Error sending tty fd to parent lxc-start 20170413215245.766 ERROR lxc_conf -...

Thank you very much guys. Works like a charm.