David L wrote:
> My recent upgrade to 4.1 has been brought to it's knees by a
> 300MB /var/log/messages file consisting mostly of Packet
> log: denylog DENY eth0 PROTO=17 xxx.xxx.xxx.xxx:137 etc.
> messages. It's spending all of it's time on disk access, not
> serving any web pages.
> Did a clean install on a different machine and the same thing
> was starting to happen. NTP is disabled. The only thing the
> two have in common are realtek ethernet drivers. Is this
> what the problem is?
No, the problem is a combination of the new packet filter, and a large number of netbios name requests on your external interface. The external interface is normally connected to the Internet, and there shouldn't be a lot of computers hitting your server with such requests. Perhaps your external interface is instead connected to a network of Windows computers.
Ask again on this forum if you want some pointers on how to block these packets without logging them.
Charlie