On 2016-Aug-16, at 8:47 AM, Gé Weijers <[email protected]> wrote: > Hi, > > Trying to define a pfBlockerNG IPv6 alias for the US. It seems that the > GeoIP database has over a million entries, which causes a crash.... > > Any idea why the US ranges are this humongous? >
I use pfBlockerNG and various other blocking lists loaded as URL Table Aliases. I found (back with 2.1.x?) that the "Firewall Maximum Table Entries" under "System -> Advanced -> Firewall/NAT" tab needs to be set much higher than the number of entries you actually have (e.g., try at least double). Unless you're very tight on memory, it's safer to overdo it. E.G., in addition to enabling some (maybe 40%?) of the countries in pfBlockerNG, I also have over a half million other entries and use a setting of 4M (it was failing at 3.5M IIRC). _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
