PF cannot allocate memory on reload
Miroslav Lachman
000.fbsd at quip.cz
Fri Aug 25 12:47:38 UTC 2017
I have PF rules with some large tables. The biggest one is with Tor IPs
- 198239 entries in table tor_net.
When I try to reload PF I get errors like these:
/etc/pf.conf.tmp:37: cannot define table reserved: Cannot allocate memory
table <czech_net> persist file "/etc/pf.czech_net.table"
/etc/pf.conf.tmp:38: cannot define table czech_net: Cannot allocate memory
table <goodguys> persist file "/etc/pf.goodguys.table"
/etc/pf.conf.tmp:39: cannot define table goodguys: Cannot allocate memory
table <badguys> persist file "/etc/pf.badguys.table"
/etc/pf.conf.tmp:40: cannot define table badguys: Cannot allocate memory
table <tor_net> persist file "/etc/pf.tor_net.table"
table <bruteforce> persist
table <ssh_bruteforce> persist
set limit table-entries 300000
set block-policy drop
set loginterface em1
set skip on { lo0 xyz1 }
pfctl: Syntax error in config file: pf rules not loaded
A possible workaround is to flush table tor_net, reload PF and then
add IPs to the table tor_net.
Is there something I can tune to prevent these errors?
This is on FreeBSD 10.3-RELEASE-p18 amd64 GENERIC
Miroslav Lachman
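
The flush / reload / re-add workaround described in the message above, written as one guarded shell function. This is an added example, not part of the original post: the function name is hypothetical, the table and file names are the ones from the post, and it assumes the table file holds one address or network per line with no duplicates.

```shell
#!/bin/sh
# Added example: flush the large table, reload the ruleset, re-add the entries.
# Usage: reload_pf_flushing_table /etc/pf.conf tor_net /etc/pf.tor_net.table

reload_pf_flushing_table() {
    conf=$1 table=$2 file=$3

    # Refuse to touch the live table unless both inputs exist and the
    # ruleset parses. -n makes pfctl parse the file without loading it.
    [ -r "$conf" ] && [ -r "$file" ] || { echo "missing $conf or $file" >&2; return 2; }
    pfctl -nf "$conf" || { echo "syntax check failed, table left intact" >&2; return 3; }

    # Entries expected afterwards: non-blank, non-comment lines of the file.
    want=$(grep -Ev '^[[:space:]]*(#|$)' "$file" | wc -l | tr -d ' ')

    # From here until the re-add finishes, rules that match <table> see it
    # empty, so keep this window as short as possible.
    pfctl -t "$table" -T flush || return 4

    # Reload, then re-add. The re-add is attempted even when the reload
    # fails, so a failed reload does not leave the table empty.
    rc=0
    pfctl -f "$conf" || rc=5
    pfctl -t "$table" -T add -f "$file" || rc=6

    # Compare what the kernel now holds with what the file lists.
    have=$(pfctl -t "$table" -T show | wc -l | tr -d ' ')
    echo "$table: $have entries loaded, $want listed in $file" >&2
    [ "$have" -eq "$want" ] || [ "$rc" -ne 0 ] || rc=7
    return "$rc"
}

# Run directly only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    reload_pf_flushing_table "$@"
fi
```

A return code of 7 means every command succeeded but the entry count in the kernel table differs from the file.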