Hello,
this morning, one of my Ipfires exhibited strange behavior.
The following lines appeared in the log:
Nov 4 06:07:03 ipfirehe kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packet(s)
Nov 4 06:07:07 ipfirehe last message repeated 9 times
Nov 4 06:07:08 ipfirehe kernel: net_ratelimit: 6 callbacks suppressed
Nov 4 06:07:08 ipfirehe kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packet(s)
Nov 4 06:07:10 ipfirehe last message repeated 9 times
Nov 4 06:07:14 ipfirehe kernel: net_ratelimit: 11 callbacks suppressed
Nov 4 06:07:14 ipfirehe kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packets (s)
This happened for 2 hours. During this time, it was not possible to ping the system. Not on red and not on green. Nothing worked at all. The system did not respond to anything via the network. After 2 hours, it suddenly worked again.
If I understand correctly, this probably has something to do with the web proxy. The RAM was almost full and the CPU also had a severe spike within those 2 hours. After I cleared the web proxy cache and restarted the service, the system calmed down again. Just for your information.
But the real question is:
Why does the system block all communication when the web proxy goes haywire?
Is this a bug?