Firewalld using too much memory (Alma 8.4)

I’m migrating several CentOS 7 servers to Alma 8.4 and I noticed an issue with memory usage of firewalld. These servers are small 1GB systems, so this issue caused dead installations because once they boot, 100% of memory is consumed and the kernel starts killing everything.

In CentOS 7, existing firewalld uses 43MB:

root       402  0.0  2.2 372360 43084 ?        Ssl  May24   0:04 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Once updated to Alma 8.4, firewalld uses 774MB:

root         564  0.0 20.2 1056284 774616 ?      Ssl  Jun04   1:14 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

That's right, memory usage went from 43MB to 774MB, consuming almost all of the available 1GB of RAM.

Further investigation revealed that the cause of this issue is related to my ipset rules, which are identical in both the CentOS 7 systems as well as the new Alma 8.4 systems. My rules are the entire ranges of 33 countries, which result in 76138 different ranges of IPv4+IPv6 rules, under /etc/firewalld/ipsets/.

Of course, if I remove them all, memory usage goes back to normal. I don’t know if this issue is specific to Alma, or if it's something related to an upstream project (RHEL, or firewalld, or whatever firewalld is a front-end for).

Any ideas would be appreciated.

Thank you!

Not much help, but seems to me a known issue

Thank you for the pointer!

I guess nobody cares to fix this issue and even if it was fixed, it would take several years before it became available to us. I’ll need to find some alternative way to block addresses.
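
Added example, not part of any post in this thread: a Python script that audits ipset files such as those under /etc/firewalld/ipsets/, reporting how many entries each file holds and how many remain once adjacent and overlapping ranges are merged. The sample XML is constructed, the function name is hypothetical, and the thread does not establish whether a lower entry count changes firewalld's memory use.

```python
import glob
import ipaddress
import sys
import xml.etree.ElementTree as ET

# Constructed sample in firewalld's ipset XML layout (not the poster's data).
SAMPLE_IPSET_XML = """<ipset type="hash:net">
  <option name="family" value="inet"/>
  <entry>192.0.2.0/25</entry>
  <entry>192.0.2.128/25</entry>
  <entry>198.51.100.0/24</entry>
  <entry>198.51.100.64/26</entry>
  <entry>203.0.113.7</entry>
  <entry>not-a-network</entry>
</ipset>"""

def audit_ipset(xml_source):
    """Return (raw_count, collapsed_networks, skipped_entries) for one ipset file."""
    root = ET.fromstring(xml_source)
    nets, skipped = [], []
    for entry in root.iter("entry"):
        text = (entry.text or "").strip()
        try:
            # strict=False accepts entries written with host bits set.
            nets.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            skipped.append(text)  # e.g. address ranges or ip,port pairs
    collapsed = []
    for version in (4, 6):
        # collapse_addresses() rejects mixed IPv4/IPv6 input.
        same = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return len(nets), collapsed, skipped

if __name__ == "__main__":
    paths = sys.argv[1:] or glob.glob("/etc/firewalld/ipsets/*.xml")
    for path in paths:
        with open(path, "rb") as fh:
            raw, collapsed, skipped = audit_ipset(fh.read())
        print(f"{path}: {raw} entries, {len(collapsed)} after merging, "
              f"{len(skipped)} skipped")
```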