Hello,
If we make a given port available only to a particular user, using iptables and the owner module, that user is not able to make many tcp connections to the specified port in a short period of time, causing applications which rapidly open and close a large number of connections to hang.
Environment:
AlmaLinux release 8.8 (Sapphire Caracal)
4.18.0-477.15.1.el8_8.x86_64
iptables v1.8.4 (nf_tables)
Ncat: Version 7.91 ( https://nmap.org/ncat )
Steps to reproduce:
nc -l -k 12355
3. Login as user web1 and run this command:
for i in {1..10000}; do echo "$(date)" ; echo "$i \n" && echo 1 | telnet 127.0.0.1 12355 2>&1 > /dev/null; done
At some point, way before the 10000th iteration, the cycle will hang. It doesn't usually stop on the exact same connection. It could stop after 500, or 2000, etc. There are no errors or warnings in dmesg or /var/log/messages.
If we remove the corresponding firewall rules and run the for cycle, the process doesn't hang. There is no such issue in CentOS 7.
While the process is stuck and we cannot make a connection to port 12355 from localhost, if the port is open to the world we can still make a connection from outside our system.
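A bounded variant of the reproduction loop above, as an added example that is not part of the original report: every connect carries a timeout, so the script returns the iteration and local source port at which connections stop succeeding instead of hanging. The function names, the 3-second timeout and the built-in listener are assumptions of this example; the firewall rules from the report are not reproduced here.

```python
import socket
import sys
import threading


def start_listener(host="127.0.0.1", port=0):
    """Accept-and-close listener standing in for `nc -l -k`; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(128)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener socket was closed
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host, port, count, timeout=3.0):
    """Connect/close up to `count` times; return (completed, None) or (completed, (iteration, src_port, error))."""
    for i in range(1, count + 1):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)  # a dropped SYN shows up as a timeout, not a hang
        try:
            s.connect((host, port))
        except OSError as exc:
            try:
                src = s.getsockname()[1] or None  # source port the kernel picked
            except OSError:
                src = None
            return i - 1, (i, src, repr(exc))
        finally:
            s.close()
    return count, None


if __name__ == "__main__":
    # Port 12355 is the one used in the report; run this as the restricted user.
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 12355
    count = int(sys.argv[2]) if len(sys.argv) > 2 else 10000
    print(probe("127.0.0.1", port, count))
```

Running it once with the owner rules loaded and once without gives a directly comparable result for each case, and the reported source port can be checked against `ss -tan` output taken at the moment of the stall.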