From: "quentin.narvor" <quentin.narvor@ensi-bourges.fr>
To: Richard Brendörfer
Cc: freebsd-pf@freebsd.org
Date: Wed, 18 May 2011 15:00:57 +0200
Subject: Re: Large table issue
References: <390946c3b25ae3d887574555a494cb42@ensi-bourges.fr>

On Wed, 18 May 2011 15:34:49 +0300, Richard Brendörfer wrote:

> Hi,
> try with _set limit table-entries number_ in pf.conf or split your
> table in 2 or 3 tables.

Hi,

I forgot to say that I have already set this option to 3000000 in my pf.conf.

I have tried to split the table into smaller pieces (~450000 entries in each table), but the command "pfctl -f /etc/pf.conf" gives me the same memory issue when loading the third table.

I don't know the precise number, but it seems that there is a limit near 1000000 entries for the sum of all tables, even with the limit table-entries set to 3000000.

> On Wed, May 18, 2011 at 2:03 PM, quentin.narvor wrote:
>
>> I am trying to detect problems on hosts in my network: I want to
>> detect when a communication occurs with a compromised host.
>> I have built a blacklist which holds nearly 2 million IPs (spam,
>> malware... hosts).
>>
>> But I can't load it into pf; I get this when I try:
>>
>>     /etc/pf.conf:6: cannot define table bl: Cannot allocate memory
>>     pfctl: Syntax error in config file: pf rules not loaded
>>
>> I suspect there is a memory limitation somewhere (in the kernel??)
>> which prevents me from loading the table, but I am not very
>> comfortable with kernel variables.
>> I have already tried modifying kern.maxssiz and kern.dflsiz without
>> success.
>>
>> Any idea?
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
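As an added example (not from this thread or from any of its authors), the following POSIX sh script shows the preparation step behind the "split the table" advice above: it dedups a raw blacklist, splits it into fixed-size chunks, and emits the matching pf.conf fragment with one `persist file` table per chunk and a `set limit table-entries` value sized above the total. Because all tables draw from one global entry pool, the total across chunks is what has to fit; the file paths, table names and the 50% headroom are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not the thread's own code. Assumed layout: raw list ->
# normalised list -> chunk files under a directory -> pf.conf fragment.
set -e

# Constructed sample input: a few documentation addresses, with duplicates
# and a blank line, standing in for a multi-million-entry blacklist.
write_sample_blacklist() {
    printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 '' 203.0.113.99 \
        198.51.100.7 192.0.2.11 > "$1"
}

# Drop blank lines, comments and duplicates. Every remaining line is one
# table entry, and entries from all tables count toward the same
# "set limit table-entries" pool in the kernel.
normalize_blacklist() {
    grep -v -e '^[[:space:]]*$' -e '^#' "$1" | sort -u
}

# Split a normalised list ($1) into files of at most $2 entries under $3
# and print a pf.conf fragment on stdout. Rules use "block log" so that
# any contact with a listed host is both stopped and visible on pflog.
emit_pf_tables() {
    list="$1"; chunk="$2"; dir="$3"
    mkdir -p "$dir"
    rm -f "$dir"/bl.*
    split -l "$chunk" "$list" "$dir/bl."
    total=$(wc -l < "$list" | tr -d ' ')
    # assumption: 50% headroom above what will actually be loaded
    printf 'set limit table-entries %d\n' $(( total + total / 2 ))
    for f in "$dir"/bl.*; do
        # pf table names allow letters, digits and underscore only
        name=$(basename "$f" | sed 's/[^a-zA-Z0-9_]/_/g')
        printf 'table <%s> persist file "%s"\n' "$name" "$f"
        printf 'block log quick from <%s> to any\n' "$name"
        printf 'block log quick from any to <%s>\n' "$name"
    done
}
```

Include the emitted fragment in pf.conf and load it with `pfctl -f`; if the kernel still reports "Cannot allocate memory" with the limit set above the total, the ceiling is elsewhere than `table-entries`, which is the situation the reply above describes.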