Date:      Mon, 18 Jun 2018 07:23:54 -0700
From:      "Chris H" <bsd-lists@BSDforge.com>
To:        "Kurt Jaeger" <lists@opsec.eu>
Cc:        "FreeBSD PF List" <freebsd-pf@freebsd.org>
Subject:   Re: Is there an upper limit to PF's tables?
Message-ID:  <4c0deb48c16c7dea04df7a85b1e1893a@udns.ultimatedns.net>
In-Reply-To: <20180618102147.GN4028@home.opsec.eu>

On Mon, 18 Jun 2018 12:21:47 +0200 "Kurt Jaeger" <lists@opsec.eu> said

> Hi!
>
> > > So loading all entries in to empty table works fine, but reloading
> > > didn't work.
> > Sorry. Looks like I might be coming to the party a little late. But I'm
> > currently running a 9.3 box that runs as an IP (service) filter for much
> > of a network. While I've patched the box well enough to keep it safe to
> > continue running. I am reluctant to up(grade|date) it to 11, or CURRENT,
> > based on some of the information related to topics like this thread.
> > Currently, the 9.3 box maintains some 18 million entries *just* within
> > the SPAM related table. The other tables contain no less than 1 million.
>
> > As it stands I have *no* trouble loading pf(4) with all of the tables
> > totaling some 20+ million entries, *even* when the BOX is working with
> > as little as 4Gb ram.
> > Has something in pf(4) changed, since 9.3 that would now prevent me
> > from continuing to use my current setup, and tables?
>
> Well, if you plan to upgrade, I'd suggest you do some tests,
> like dumping those tables and loading them on a new box.
>
> At all our installations we did use PF in 9.x times and
> had no problems to move to 11.x.
Thanks for the reply, Kurt.
That's good advice, indeed. As that was pretty much my "game plan".
But recently I've seen a few entries on the list, and a few pr(1)'s
regarding the inability to start pf(1), because the tables were too large.
Whereas I hadn't heard anyone mention it in the past. So it seemed prudent
to ask. :-)

Thanks again, Kurt!

--Chris
>
> --
> pi@opsec.eu            +49 171 3101372                    2 years to go !




