Date: Mon, 18 Jun 2018 12:21:47 +0200 From: Kurt Jaeger <lists@opsec.eu> To: Chris H <bsd-lists@BSDforge.com> Cc: FreeBSD PF List <freebsd-pf@freebsd.org> Subject: Re: Is there an upper limit to PF's tables? Message-ID: <20180618102147.GN4028@home.opsec.eu> In-Reply-To: <05564c89db6cf667584dea5586602054@udns.ultimatedns.net> References: <41eb69f5-a2ba-7546-f7c8-b97eb179d22e@quip.cz> <05564c89db6cf667584dea5586602054@udns.ultimatedns.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > > So loading all entries in to empty table works fine, but reloading > > didn't work. > Sorry. Looks like I might be coming to the party a little late. But I'm > currently running a 9.3 box that runs as a IP (service) filter for much > of a network. While I've patched the box well enough to keep it safe to > continue running. I am reluctant to up(grade|date) it to 11, or CURRENT, > based on some of the information related to topics like this thread. > Currently, the 9.3 box maintains some 18 million entries *just* within > the SPAM related table. The other tables contain no less that 1 million. > As it stands I have *no* trouble loading pf(4) with all of the tables > totaling some 20+ million entries, *even* when the BOX is working with > as little 4Gb ram. > Has something in pf(4) changed, since 9.3 that would now prevent me > from continuing to use my current setup, and tables? Well, if you plan to upgrade, I'd suggest you do some tests, like dumping those tables and loading them on a new box. At all our installations we did use PF in 9.x times and had no problems to move to 11.x. -- pi@opsec.eu +49 171 3101372 2 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180618102147.GN4028>