[ previous ] [ next ] [ threads ]
 From:  Kris Maglione <bsdaemon at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] mono wall 1.11 susceptible to dhcp dos attack
 Date:  Thu, 15 Sep 2005 15:08:34 -0400
Jonathan De Graeve wrote:

>What is considered a large dhcp load?
>I'm expecting some of 512 users on that network and I'm not willing to
>setup a different DHCP box.
>My box has 1GB of ram. It would be nice if the RAMdisk size could be set
>in configmode or something.
The size of the ramdisk can not be set because it is file backed. Your
m0n0wall image has a file called mfsroot.gz, which is a filesystem
image. This is mounted as your ramdisk (mfs=memory file system).
Whatever it's size is the size of your ramdisk. The only way to increase
it is make a custom image. The default is meant to be minimalistic. If
you want persistence, you need a real r/w hard disk partition.

512 users is big enough. ISC DHCPD's lease files are text based and
store a lot of metadata, and don't immediately remove old leases.