On Wed, 18 May 2011 15:34:49 +0300, Richard Brendörfer wrote:
Hi,
try with _set limit table-entries number_ in pf.conf or split your
table in 2 or 3 tables.
Hi,
I forgot to say that I have already set this option to 3000000 in my
pf.conf.
I have tried to split the table in smaller pieces (~450000 entries in
each table) but the command "pfctl -f /etc/pf.conf" gives me the same
memory issue when loading the third table.
I don't know the precise number but it seems that there is a limit near
1000000 entries for the sum of all tables, even with the limit
table-entries set to 3000000.
On Wed, May 18, 2011 at 2:03 PM, quentin.narvor wrote:
I am trying to detect problems on hosts in my network: I want to
detect when a communication occurs with a compromised host.
I have built a blacklist which holds nearly 2 million IPs (spam,
malware... hosts).
But I can't load it into pf, I get this when I try:
/etc/pf.conf:6: cannot define table bl: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded
I suspect there is a memory limitation somewhere (in the kernel?)
which prevents me from loading the table but I am not very
comfortable with kernel variables.
I have already tried modifying kern.maxssiz and kern.dflsiz without
success.
Any idea?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"