From owner-freebsd-pf@freebsd.org Mon Jun 18 18:37:47 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0454B1018DEB for ; Mon, 18 Jun 2018 18:37:47 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 71BA36BB73 for ; Mon, 18 Jun 2018 18:37:46 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.14.9/8.14.9) with ESMTP id w5IIbtmL078771; Mon, 18 Jun 2018 11:38:01 -0700 (PDT) (envelope-from bsd-lists@BSDforge.com) X-Mailer: UDNSMS MIME-Version: 1.0 Cc: "Miroslav Lachman" <000.fbsd@quip.cz>, "FreeBSD PF List" In-Reply-To: <5C1BA1CA-5814-417F-BD9C-EC6E7F08588C@sigsegv.be> From: "Chris H" Reply-To: bsd-lists@BSDforge.com To: "Kristof Provost" Subject: Re: Is there an upper limit to PF's tables? Date: Mon, 18 Jun 2018 11:38:01 -0700 Message-Id: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jun 2018 18:37:47 -0000 On Mon, 18 Jun 2018 12:08:33 +0200 "Kristof Provost" s= aid > On 18 Jun 2018, at 0:19, Chris H wrote: > > Sorry=2E Looks like I might be coming to the party a little late=2E But=20 > > I'm > > currently running a 9=2E3 box that runs as a IP (service) filter for=20 > > much > > of a network=2E While I've patched the box well enough to keep it safe=20 > > to > > continue running=2E I am reluctant to up(grade|date) it to 11, or=20 > > CURRENT, > > based on some of the information related to topics like this thread=2E > > Currently, the 9=2E3 box maintains some 18 million entries *just* within > > the SPAM related table=2E The other tables contain no less that 1=20 > > million=2E > > As it stands I have *no* trouble loading pf(4) with all of the tables > > totaling some 20+ million entries, *even* when the BOX is working with > > as little 4Gb ram=2E > > Has something in pf(4) changed, since 9=2E3 that would now prevent me > > from continuing to use my current setup, and tables? > > > No=2E There are no new limits in 11, and the only thing that *might* be an= =20 > issue is validation improvements in 12=2E Still, anything that worked on 9= =20 > is expected to work on 12 (if not, report a bug)=2E Thank you very much for the informative reply, Kristof! >=20 > Please don=E2=80=99t keep running unsupported versions=2E You're reply leaves me little reason to think I need, or want to=2E :-) Thanks, again! --Chris >=20 > Regards, > Kristof