Large table issue

quentin.narvor quentin.narvor at ensi-bourges.fr
Wed May 18 13:01:08 UTC 2011


 On Wed, 18 May 2011 15:34:49 +0300, Richard Brendörfer wrote:
> Hi,
> try with _set limit table-entries number_ in pf.conf or split your
> table in 2 or 3 tables.
>
 Hi,

 I forgot to say that I have already set this option to 3000000 in my 
 pf.conf.
 I have tried to split the table into smaller pieces (~450000 entries in 
 each table), but the command "pfctl -f /etc/pf.conf" gives me the same 
 memory issue when loading the third table.
 I don't know the precise number, but it seems that there is a limit near 
 1000000 entries for the sum of all tables, even with the limit 
 table-entries set to 3000000.

> On Wed, May 18, 2011 at 2:03 PM, quentin.narvor  wrote:
>
>> I am trying to detect problems on hosts in my network: I want to
>> detect when a communication occurs with a compromised host.
>> I have built a blacklist which holds nearly 2 million IPs (spam,
>> malware, ... hosts).
>>
>> But I can't load it into pf, I get this when I try :
>>
>>     /etc/pf.conf:6: cannot define table bl: Cannot allocate
>> memory
>>     pfctl: Syntax error in config file: pf rules not loaded
>>
>> I suspect there is a memory limitation somewhere (in the kernel??)
>> which prevents me from loading the table, but I am not very
>> comfortable with kernel variables.
>> I have already tried modifying kern.maxssiz and kern.dflsiz without
>> success.
>>
>> Any idea?
>> _______________________________________________
>> freebsd-pf at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to
>> "freebsd-pf-unsubscribe at freebsd.org"
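The suggestion in the thread is to raise `set limit table-entries` and to split one huge table into several file-backed tables. The script below is an added example, not something posted by either participant: it normalizes a blacklist (strips comments, de-duplicates so pf does not count repeated entries), writes it out in chunks, and emits the matching pf.conf fragment. The file paths, the table names `<blN>`, the chunk size and the 3000000 limit are assumptions chosen for illustration, and the sample input is constructed, so nothing here touches a live pf; the pfctl commands at the end are the checks to run on the firewall after loading.

```shell
#!/bin/sh
# Added example (not from the thread): split a large IP blacklist into
# several pf tables and generate the pf.conf fragment that declares them.
# Paths, table names, chunk size and the table-entries limit are assumptions.
set -eu

# Normalize a raw blacklist: drop comments, whitespace and blank lines, then
# sort and de-duplicate, since every repeated address still costs one entry.
# $1 = raw input file, $2 = normalized output file
normalize_blacklist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -v '^$' | sort -u > "$2"
}

# Write chunks of at most $2 lines from $1 to files "$3.1", "$3.2", ...
# Prints the number of chunks written.
split_blacklist() {
    awk -v n="$2" -v p="$3" '
        {
            f = p "." (int((NR - 1) / n) + 1)
            if (f != prev) { if (prev != "") close(prev); prev = f; count++ }
            print > f
        }
        END { print count + 0 }
    ' "$1"
}

# Emit a pf.conf fragment: raise the table-entries limit, declare one
# persistent file-backed table per chunk, and block/log traffic to and from
# each table (use "pass log" instead if you only want detection).
# $1 = number of chunks, $2 = chunk file prefix on the firewall, $3 = limit
gen_pf_conf() {
    printf 'set limit table-entries %s\n' "$3"
    i=1
    while [ "$i" -le "$1" ]; do
        printf 'table <bl%s> persist file "%s.%s"\n' "$i" "$2" "$i"
        i=$((i + 1))
    done
    i=1
    while [ "$i" -le "$1" ]; do
        printf 'block in log quick from <bl%s> to any\n' "$i"
        printf 'block out log quick from any to <bl%s>\n' "$i"
        i=$((i + 1))
    done
}

# Constructed sample input (not a real blacklist) so the script runs offline.
work=$(mktemp -d)
printf '10.0.0.1\n10.0.0.2 # spam\n\n10.0.0.1\n192.0.2.0/24\n10.0.0.3\n' > "$work/raw.txt"
normalize_blacklist "$work/raw.txt" "$work/bl"
chunks=$(split_blacklist "$work/bl" 450000 "$work/bl")
gen_pf_conf "$chunks" "$work/bl" 3000000 > "$work/pf-tables.conf"
cat "$work/pf-tables.conf"

# Checks to run on the pf host after "pfctl -f /etc/pf.conf" (not run here):
#   pfctl -s memory                      # current hard limits, incl. table-entries
#   pfctl -t bl1 -T show | wc -l         # entries actually loaded into <bl1>
#   pfctl -t bl1 -T replace -f /etc/pf/bl.1   # reload one table without a full ruleset reload
```

The generated fragment is meant to be included in pf.conf next to the rest of the ruleset; `pfctl -s memory` is the quickest way to confirm that the limit you set is the one the kernel is actually enforcing before you start hunting for other causes.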