> > The solution I'm going to substitute is based on
> > Linux-iptables which requires more than 1000 rules.

You have my deepest sympathies, it must be a nightmare to manage.

> Is there a rules number limit or a session number limit
> implemented in PFsense?

Nothing which isn't documented already in http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.0-stable&format=html in particular 'set limit'. The only real limits I've found are how much memory and CPU you can throw at the problem.

If I was to hazard a guess, I would reckon that your 1000 iptables rules will condense down to perhaps half that amount or less once you take advantage of features such as Tables.

You will get a much better idea by posting here http://forum.pfsense.com/ It's a bit more active there than the mailing list.

Throughput-wise, I've deployed PF on FreeBSD into production roles where it runs stateful packet filtering at close to gig-e wire speed.

Greg
