On 9 dec 2005, at 14:39, Daniel Hartmeier wrote:
> On Fri, Dec 09, 2005 at 07:24:30PM +0800, Garlum Ho wrote:
>
>> bash-3.00# pfctl -t spamd -Ta -f rbl_split_av
>> pfctl: Cannot allocate memory.
>
> There are new table-related limits in 3.8, which default to
>
>   # pfctl -sm
>   ...
>   tables        hard limit     1000
>   table-entries hard limit   100000
>
> you can raise the limits with
>
>   # echo "set limit table-entries 500000" | pfctl -mf -
>
> or permanently in /etc/pf.conf
>
>   set limit table-entries 500000
>
> Daniel

There are a few gotchas here though, at least if I remember my
problems correctly. If you plan to update your table regularly you
will need at least 2x the maximum number of entries in the table
since, at the time you do your refresh, pf will have two copies of
your table in memory. The original and the new one.

Also, if the number of entries in the table, when you load pf.conf,
is larger than the maximum number of entries, you will need to set
the table-entries value before you load the table. If you get the
above mentioned problem, try moving the table-loading to after the
option-setting.

Don't know if it's fixed in a snapshot, but the man-page for pf.conf
says nothing about a table-entries option.

And while I'm at it, perhaps the preferred order of statements in
pf.conf should be macros, options, tables...?

This is all written from the top of my head, and I'm in a hurry, but
I hope it helps. Don't hit me if I'm wrong :)

// Henrik Gustafsson
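
The checks described in the message above, as an added shell example that is not part of the original thread: it reads the table-entries limit from `pfctl -sm` output, counts the entries in a table file, applies the 2x headroom rule of thumb, and checks that `set limit table-entries` comes before the first `table` line in pf.conf. The function names and the sample data are assumptions made for this example, and only the single-option `set limit` form shown in the thread is recognised.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.
# Real use: pfctl -sm | table_entries_limit ; count_entries < rbl_split_av

# Print the table-entries hard limit from `pfctl -sm` output on stdin.
table_entries_limit() {
    awk '$1 == "table-entries" && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# Count entries in a table file on stdin, skipping blanks and # comments.
count_entries() {
    awk '{ sub(/#.*/, "") } NF { n++ } END { print n + 0 }'
}

# refresh_fits LIMIT ENTRIES: true if two copies of the table (the old one
# and the replacement) fit under the limit during a refresh.
refresh_fits() {
    [ "$1" -ge $(( $2 * 2 )) ]
}

# True if pf.conf text on stdin sets table-entries before its first table
# line, or defines no tables. Only the single-option form is recognised.
limit_before_tables() {
    awk '
        { sub(/#.*/, "") }
        $1 == "set" && $2 == "limit" && $3 == "table-entries" && !seen { ok = 1 }
        $1 == "table" { seen = 1 }
        END { if (ok || !seen) exit 0; exit 1 }
    '
}

# Constructed sample in the format quoted in the thread.
sample_limits='tables        hard limit     1000
table-entries hard limit   100000'
limit=$(printf '%s\n' "$sample_limits" | table_entries_limit)
entries=60000   # constructed list size
if refresh_fits "$limit" "$entries"; then
    echo "ok: $entries entries fit twice under table-entries $limit"
else
    echo "too small: set limit table-entries $(( entries * 2 )) or higher"
fi
```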