On Mon, Nov 06, 2006 at 02:21:58PM -0800, Michael K. Smith - Adhost wrote:
> We are looking at pulling in a listing of about 70,000 IP entries (most
> of them are hosts, not subnets) into a PF Table. Is there any hard
> limitation to the configuration size or ability to parse through
> something that large?

Shouldn't be a problem.

  # pfctl -sm
  [...]
  tables        hard limit     1000
  table-entries hard limit   100000

I.e. the default limit on number of table entries (across all tables) is
100,000. If you need more (and have sufficient memory), you can increase it
with 'set limit table-entries' in pf.conf.

  # wc -l file
  70000 file
  # time pfctl -t foo -Ta -f file
  1 table created.
  70000/70000 addresses added.
      0m1.27s real     0m0.39s user     0m0.80s system

  # vmstat -m
  [...]
  Memory resource pool statistics
  Name       Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
  [...]
  pfrkentry   216    70000    0        0  3889     0  3889  3889     0  5556    0

The pfrkentry pool holds the table entries. The size of one entry (depends on
architecture, here 216 bytes) multiplied by the number of entries is
216*70000 = 14.41MB.

So 70,000 isn't that large. 700,000 would probably be a challenge, and
7,000,000 would be beyond reasonable ;)

Daniel
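As an added example (not part of the thread), the pre-flight check Daniel's reply implies, scripted: read the table-entries limit from `pfctl -sm`, the per-entry size from the pfrkentry line of `vmstat -m`, count the addresses in the file, and decide whether the load fits and roughly how much kernel memory it costs. The sample outputs are constructed from the values quoted in the message; the address file is assumed to be in pfctl's one-address-per-line format with '#' comments.

```python
"""Pre-flight check before loading a large address list into a pf table.

Works on captured text of `pfctl -sm` and `vmstat -m`, so it can be fed
live output (e.g. subprocess.run(...).stdout) or the samples below.
"""
import re

# Constructed sample of `pfctl -sm` output (values from the message above).
PFCTL_SM_SAMPLE = """\
tables        hard limit     1000
table-entries hard limit   100000
"""

# Constructed sample of the `vmstat -m` pool table (values from the message).
VMSTAT_M_SAMPLE = """\
Memory resource pool statistics
Name       Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
pfrkentry   216    70000    0        0  3889     0  3889  3889     0  5556    0
"""


def pf_limit(pfctl_sm_output: str, name: str) -> int:
    """Return the hard limit for `name` (e.g. 'table-entries') from `pfctl -sm`."""
    for line in pfctl_sm_output.splitlines():
        m = re.match(r"\s*(\S+)\s+hard limit\s+(\d+)", line)
        if m and m.group(1) == name:
            return int(m.group(2))
    raise KeyError(f"limit {name!r} not found in pfctl -sm output")


def pool_entry_size(vmstat_m_output: str, pool: str) -> int:
    """Return the per-item size in bytes of `pool` (e.g. 'pfrkentry') from `vmstat -m`."""
    for line in vmstat_m_output.splitlines():
        fields = line.split()
        if fields and fields[0] == pool:
            return int(fields[1])          # 'Size' column
    raise KeyError(f"pool {pool!r} not found in vmstat -m output")


def count_addresses(lines) -> int:
    """Count loadable entries: blank lines and '#' comments are skipped (assumed file format)."""
    return sum(1 for ln in lines if ln.strip() and not ln.lstrip().startswith("#"))


def table_load_estimate(n_new: int, n_existing: int, limit: int, entry_size: int):
    """Return (fits_within_limit, bytes_of_pfrkentry_memory_needed).

    The limit is global across all tables, so entries already loaded count
    against it; memory is entry_size * n_new, as in the message.
    """
    return (n_existing + n_new <= limit, n_new * entry_size)
```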