On Mon, Nov 06, 2006 at 02:21:58PM -0800, Michael K. Smith - Adhost wrote:
> We are looking at pulling in a listing of about 70,000 IP entries (most
> of them are hosts, not subnets) into a PF Table.

There is essentially no difference between a host and a subnet as far as tables are concerned in PF.

> Is there any hard limitation to the configuration size

Yes. If you have too many table entries, your system will run out of kernel memory and stall/crash/etc. If you increase the limit (via 'set limit table-entries', you should

The default table entry limit is 100,000, so I don't imagine you'll have a problem with 70,000 unless your system is extremely low on memory.

> or ability to parse through something that large?

Not really. As far as packet filtering, the size of the table makes very little difference. The cost of table searches scales at O(log n); doubling the size of the table costs you a single comparison.
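An added example, not part of the original message: a Python helper that normalizes a raw address list before it is loaded into a table, storing hosts as /32 (or /128) prefixes alongside subnets and checking the result against the 100,000-entry default mentioned above. The input format (one address or CIDR per line, `#` comments), the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

DEFAULT_TABLE_ENTRY_LIMIT = 100_000  # default limit quoted in the message above

def parse_entries(lines):
    """Return (networks, rejected); a bare host becomes a /32 or /128 prefix."""
    networks, rejected = [], []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not text:
            continue
        try:
            # strict=False masks host bits, e.g. 192.0.2.77/24 -> 192.0.2.0/24
            networks.append(ipaddress.ip_network(text, strict=False))
        except ValueError:
            rejected.append(raw.strip())  # keep bad lines for review
    return networks, rejected

def collapse(networks):
    """Merge duplicates, covered hosts and adjacent prefixes per address family."""
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))

def build_table(lines, limit=DEFAULT_TABLE_ENTRY_LIMIT):
    """Parse, collapse and refuse a list that would exceed the entry limit."""
    networks, rejected = parse_entries(lines)
    table = collapse(networks)
    if len(table) > limit:
        raise ValueError(f"{len(table)} entries exceed table-entries limit {limit}")
    return table, rejected

def render(table):
    """One entry per line; a single host is written without its prefix length."""
    return "\n".join(
        str(n.network_address) if n.num_addresses == 1 else str(n) for n in table
    )

# Constructed sample input (documentation address ranges only).
SAMPLE = [
    "192.0.2.10", "192.0.2.11", "192.0.2.10  # duplicate",
    "198.51.100.0/24", "198.51.100.7", "203.0.113.300", "2001:db8::1", "",
]

if __name__ == "__main__":
    table, rejected = build_table(SAMPLE)
    print(render(table))
    print("rejected:", rejected)
```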
