Issues with PF and 7.1

Zinevich Denis link at ngc.net.ua
Sat Feb 28 02:22:24 PST 2009 

Hello.
Sorry, but i have no exact answer to your question.
I have problems with pf on 7.1 too.
But i`ve noticed difference between 7.1-p2 and 7.1-p3
My problem appears only in p3 not in p2
may your problem is fixed in p3 ?
Michael K. Smith - Adhost пишет:
> ** Apologies to folks already subscribed to pf at freebsd.org.  This was posted there as well but I'm not getting any responses at all so I thought it best to post it here as well. **
> 
> 
> We are having memory issues with PF and 7.1p2 that we didn't experience with 6.3.   Here's what happens.
> 
> # pfctl -f /usr/local/etc/pf.conf
> /usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Cannot allocate memory
> /usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot allocate memory
> pfctl: Syntax error in config file: pf rules not loaded
> # pfctl -t smtpd_reject_policyd -T flush
> 94390 addresses deleted.
> # pfctl -t smtpd_reject_spam -T flush
> 62464 addresses deleted.
> # pfctl -f /usr/local/etc/pf.conf
> 
> So, after I flush the tables it loads.  Sometimes, however, we get a global out of memory error " DIOCADDRULE: Cannot allocate memory "
> 
> Here are my entries from pf.conf for various limits.  Everything else is defaults.
> 
> set limit tables 500
> set limit table-entries 250000
> set limit { states 1000000, src-nodes 300000, frags 100000 }
> set optimization normal
> set skip on lo0
> set state-policy if-bound
> set timeout interval 300
> set timeout src.track 1200
> 
> Finally, the box is using EM interfaces with VLAN's and has 4 Gig of physical RAM.  There are two PF boxes in Active/Failover and the errors show up on both, although they seem to show up more often on the Backup device, which seems odd.
> 
> Any help would be greatly appreciated.  
> 
> Regards,
> 
> Mike
> 
> --
> Michael K. Smith - CISSP, GISP
> Chief Technical Officer - Adhost Internet LLC
> mksmith at adhost.com
> w: +1 (206) 404-9500 f: +1 (206) 404-9050
> PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
> 
>

More information about the freebsd-questions mailing list