[Bug 263626] PF is unable to load more than 200000 entries

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 29 Apr 2022 17:30:27 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263626

Chris Hutchinson <portmaster@bsdforge.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |portmaster@bsdforge.com

--- Comment #1 from Chris Hutchinson <portmaster@bsdforge.com> ---
With 1,269,713 lines total in 58 tables and a total
of a quarter billion IP addresses entered in CIDR notation.

I have only the following changes in
loader.conf(5)
net.pf.states_hashsize=65536
net.pf.source_nodes_hashsize=16384
net.pf.request_maxcount=2500000

and in pf.conf(5)
set limit table-entries 1700000
set limit states 600000

and I don't experience your trouble.
Were you ever able to load these tables?
Are you able to load them during boot? Or
is this only a problem when attempting to REload them?
If it's re-load that is the problem, you have to
understand that, generally speaking, you require twice
the memory to reload tables as to simply load them.

You would probably do well to merge the
files "/etc/spammers" and "/etc/blocklist"
into simply "/etc/BLOCKED" and use:
table <blocked> persist file "/etc/BLOCKED"

HTH

--Chris
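The following POSIX shell script is an added example, not part of the bug report or of Chris's comment. It does the bookkeeping his advice implies: count the usable entries in a set of pf table files (ignoring blank lines and comments), merge several files into one deduplicated table file the way the "/etc/BLOCKED" suggestion does, and check the result against a "set limit table-entries" value, optionally doubling the requirement to account for his rule of thumb that a reload needs about twice the room of a fresh load. The doubling heuristic, the sample file contents and the function names are assumptions made for this example; the 1700000 limit is the one quoted in the comment.

```shell
#!/bin/sh
# Added example (not from the bug report). Estimates how many pf table entries
# a set of CIDR files will need and compares that against a configured
# 'set limit table-entries' value. All sample input is constructed here.

# Count table entries in one or more pf table files.
# Blank lines and '#' comments are skipped, matching what pfctl ignores.
count_entries() {
    grep -hEv '^[[:space:]]*(#|$)' "$@" | wc -l | tr -d ' '
}

# Merge several table files into one deduplicated file (first argument),
# mirroring the suggestion to fold /etc/spammers and /etc/blocklist into
# a single /etc/BLOCKED file loaded with one 'table <blocked> persist file'.
merge_tables() {
    out=$1; shift
    grep -hEv '^[[:space:]]*(#|$)' "$@" | sort -u > "$out"
}

# Check whether LIMIT (set limit table-entries) can hold the given files.
# RELOAD=1 applies the commenter's rule of thumb (an assumption here) that
# replacing a loaded table needs roughly twice the room of a fresh load.
# Returns 0 when the limit is large enough, 1 otherwise.
check_limit() {
    limit=$1; reload=$2; shift 2
    needed=$(count_entries "$@")
    if [ "$reload" -eq 1 ]; then
        needed=$((needed * 2))
    fi
    if [ "$needed" -le "$limit" ]; then
        echo "ok: $needed entries needed, limit $limit"
        return 0
    fi
    echo "too small: $needed entries needed, limit $limit"
    return 1
}

# Constructed sample table files (RFC 5737 documentation ranges), written to
# a temporary directory whose path is printed for the caller.
make_samples() {
    d=$(mktemp -d)
    printf '# constructed sample: spam sources\n192.0.2.0/24\n198.51.100.0/24\n\n' > "$d/spammers"
    printf '203.0.113.0/24\n# overlaps with spammers\n192.0.2.0/24\n' > "$d/blocklist"
    echo "$d"
}

# Demonstration on the constructed files.
dir=$(make_samples)
merge_tables "$dir/BLOCKED" "$dir/spammers" "$dir/blocklist"
echo "entries in merged table: $(count_entries "$dir/BLOCKED")"
check_limit 1700000 1 "$dir/BLOCKED"
rm -rf "$dir"
```

On a live system the counts from this script can be compared with what pf actually reports: `pfctl -s memory` prints the configured limits, and `pfctl -t blocked -T replace -f /etc/BLOCKED` is the reload path the comment warns about, since the new addresses are added before the old ones are removed.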

-- 
You are receiving this mail because:
You are the assignee for the bug.