Re: "pfctl: Cannot allocate memory" issue with a large table

From: Marcel Bischoff <>
Date: Wed, 27 Oct 2021 10:02:11 UTC
On 21/10/26, Chris wrote:
>Have you reached your STATE limit?
>OTOH you might try adding the IPs from the list individually. Something like:
>for block in $iplist; do
>	pfctl -T add -t <your-table-name-here> "$block"
>done
>I'm managing about a half dozen tables with a combined number of over a
>quarter of a billion addresses, and don't have a problem. Even on servers
>with as little as 8GB RAM.

Thanks for the suggestion. As far as I can tell, this shouldn't be the 
case, as the server in question is a relatively quiet server with regard 
to traffic. It is extremely unlikely that more active states than 
configured are held concurrently. That being said, I have raised the 
limit temporarily and will be monitoring the situation.

Could you please elaborate as to why you think this may be related? I 
would like to understand the inner workings of pf a bit better.