Date: Fri, 21 Feb 2020 11:27:06 -0800
From: Chris <bsd-lists@BSDforge.com>
To: freebsd-pf <freebsd-pf@freebsd.org>
Subject: Why was pf(4) castorated?
Message-ID: <6b40bdfcfa1c1a2c0d724477235b96ff@udns.ultimatedns.net>

OK I just updated one of our servers, and upon boot I was greeted with a failure to start message from pf(4). :(

Seems that in an effort to prevent people who are unfamiliar with pf from shooting themselves in the foot, a new oid (restriction) was added: net.pf.request_maxcount and worse; was given an arbitrarily low threshold: 65535

I can say from years of relying on pf, that I have little to no difficulty loading the some 45.7 million addresses in our block tables. The majority of those IPs are in but two of the tables, and can do so on a server with only 4Gb RAM. We have never encountered any freeze/crash upon startup for loading the tables. The (low resource) server I'm referring to also provides web && mail services to some 60 domains.

While I grant you I *should* have read the entry in UPDATING, I think that given the server in question was bombarded as a result of being unable to load the tables. Which IMHO is just as bad, if not worse than having the system wallow from being overloaded during table loading.

How can I remove this/these added restrictions to pf(4)?

Thank you for all your time, and consideration.

--Chris