Is there an upper limit to PF's tables?
Kristof Provost
kristof at sigsegv.be
Thu Jun 14 19:18:18 UTC 2018
On 14 Jun 2018, at 19:40, Dave Horsfall wrote:
> I can't get access to kernel sauce right now, but I'm hitting over
> 1,000 entries from woodpeckers[*] etc; is there some upper limit, or
> is it just purely dynamic?
>
> aneurin% freebsd-version
> 10.4-RELEASE-p9
>
Ian already gave some good information, but it’s important to note
that there are a number of different limits, and the maximum number of
states is different from the limit on table sizes.
There’s no immediate limit to the number of addresses in a table. It
mostly depends on having enough memory.
On 12 you may start to run into issues loading it in one go once you
have more than 65k entries.
If you do run into that, that particular limit can be tuned using
`sysctl net.pf.request_maxcount`
Regards,
Kristof
More information about the freebsd-pf
mailing list