I am having trouble with my iptables. After entering about 250 ip addresses, it tells me there is a "memory allocation problem". Does anyone know how I might resolve this?

Thank you,

Frank

Can I ask you what you're trying to do ?

Looks like the memory zone allocated where the addresses are stored might be full.

I'm trying to ban some clowns who have been hitting my server thousands of times a day, using url's that never existed, ever.

They are mostly looking for login scripts and ip proxy (whatever that is) scripts. They cause my server to be slow, and sometimes unresponsive.

My hosting provider told me I could use the ip tables to ban ip addresses by using this:
iptables -I INPUT -s 64.246.46.113 -j DROP

Does anyone know of a better way to keep this from happening?

Star out the IP

You mean like this? 64.246.46.***

You could try something like fail2ban.
I never used it, but basically, it inspects the web and system logs, and when a specific ip try to enter too often, it temporarily update the tables to ban the ip for some times.

This could avoid your problem.
Otherwise, when googleing, I've stumbled upon this page:
http://forums.vpslink.com/showthread.php?t=1149
which in particulary have this indication:

Quote:

I just re-booted in order to have the new config take effect, as suggested.
First server reboot for several months.
However there seem to be some problems in this new config between OpenVZ and iptables.

I now see the following errors in the boot log.

iptables: Memory allocation problem
(repeated over 200 times...)

and
iptables: No chain/target/match by that name

and a whole series of errors like:
Couldn't load target `IN_SANITY':/lib/iptables/libipt_IN_SANITY.so: cannot open shared object file: No such file or directory

that were never there on previous server reboots.
Also whenever I try and add a new rule into my firewall I see:
iptables: Memory allocation problem

While the firewall will still add the rule, and although the firewall still seems to be up, some TCP ingress ports that should be CLOSED now seem to be OPEN.

Not good...

It seems that in the new config some iptables modules for iptables are not being loaded in the same way they were before, and there are some memory problems with iptables and the new OpenVZ config.

This recalls issues with iptables I had with OpenVZ and iptables in my initial signup for VPSLink a long time ago, which were subsequently recognised and fixed up on my node in May by Cameron from VPSLink, after a long period of much grief on my behalf with iptables firewalls.

and a bit lower:

Quote:

For info, the problem I had re iptables and the new OpenVZ configuration has been resolved.

Thanks VPSLink for the prompt response and prompt fix.

The problem was caused by a lowered ceiling for iptables rules in the new configuration file. This has now been restored to the previous setting.

Most likely you are on a Virtuozzo or OpenVZ server and need the kernel memory increased because they are using UBC and not SLM.

If it is a Virtuozzo server see if they will switch to SLM for you which would correct the problem.