Firewall Wizards mailing list archives
Re: Firewall-1 and kernel memory
From: youngk () ttc com
Date: Thu, 21 Jan 1999 10:21:02 -0500
I have had to increase the Kernal memory for Firewall-1 on my Solaris
sparc
station in order to handle increased NAT traffic. My question is the following: does this memory refresh itself, or refresh after a reboot,
I assume that when you say that you are increasing kernel memory, you are making the "fwmem" config changes in /etc/system.... Since it is a setting for how much RAM the kernel module will use, it will get reallocated and refreshed upon reboot.
or is it constantly "eaten up"
Well, that is true also. The FW-1 installs that I have done for larger sites tend to show some memory leaks which cause the firewall proxies and kernel daemon to crash either rebooting the machine or leave the machine running with IP routing enabled and no firewall protection (eeek!!!). The smaller sites that I have seen don't tend to have this problem due to the lower amount of traffic that FW-1 passes. Make sure that you install at least FW-1 3.0b patch 3072. Latest patch is service pack 8 for FW-1 3.0, although I haven't tried it outside of a testing environment.
and several months from now, I'll have to increase the hmem again?
Don't go too high. If you put the setting over 16MB, FW-1 becomes very unstable when it tries to allocate memory over 16MB.
Also, does this increase come from the RAM pool or from actual physical memory (hard drive)?
All of the memory that you have set for "fwmem" comes from RAM and not from any kind of swap file. Would you really want your firewall kernel daemon swapping out to disk? :-) --Keith Young -youngk () ttc com
Current thread:
- Re: Firewall-1 and kernel memory youngk (Jan 21)