From: Reinhold Platzoeder
To: freebsd-questions@freebsd.org
Date: Thu, 20 Apr 2006 12:23:55 +0200
Subject: Re: pf problem with table
Message-ID: <20060420122355.397495f6@khumuleka>
In-Reply-To: <86acagaf0b.fsf@amidala.datadok.no>
References: <20060420012749.151ad162@khumuleka> <86acagaf0b.fsf@amidala.datadok.no>
Organization: Violetlan

On Thu, 20 Apr 2006 09:21:40 +0200
peter@bgnett.no (Peter N. M. Hansteen) wrote:

> Reinhold Platzoeder writes:
>
> > My problem looks like the file is too big to be loaded into pf
> > My firewall stops responding when the file has about 7000 IPs in it
> > The old file has 104450 IPs in it and I would like to block them
>
> You could try manipulating the table entries limits, i.e.
>
> set limit table-entries 150000
>
> in your pf.conf would set the upper limit for number of entries in a
> table to 150000.
>

Hi

When I add this option I get a syntax error.
I have added it like this:

set limit table-entries 150000

and then I tried

set limit { states 10000, frags 5000, table-entries 150000 }

Both times I get:

pfctl: Bad pool name.
/etc/pf.conf:25: unable to set limit table-entries 150000
pfctl: Syntax error in config file: pf rules not loaded

I also tried lowering the number, with no success.

--
Reinhold Platzoeder
reinhold@violetlan.net
reinhold@webmail.co.za
http://www.violetlan.net