Date: Thu, 22 Jan 2009 11:32:44 -0800 From: "Michael K. Smith - Adhost" <mksmith@adhost.com> To: <pf@freebsd.org> Subject: Issues with PF and 7.1 Message-ID: <17838240D9A5544AAA5FF95F8D520316056585C1@ad-exh01.adhost.lan>
next in thread | raw e-mail | index | archive | help
--PGP_Universal_5A781E29_FCEFC1C4_1D7F44BB_4804FD13
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE
Hello All:
We are having memory issues with PF and 7.1p2 that we didn't experience wit=
h 6.3. Here's what happens.
# pfctl -f /usr/local/etc/pf.conf
/usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Canno=
t allocate memory
/usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot a=
llocate memory
pfctl: Syntax error in config file: pf rules not loaded
# pfctl -t smtpd_reject_policyd -T flush
94390 addresses deleted.
# pfctl -t smtpd_reject_spam -T flush
62464 addresses deleted.
# pfctl -f /usr/local/etc/pf.conf
So, after I flush the tables it loads. Sometimes, however, we get a global=
out of memory error " DIOCADDRULE: Cannot allocate memory "
Here are my entries from pf.conf for various limits. Everything else is de=
faults.
set limit tables 500
set limit table-entries 250000
set limit { states 1000000, src-nodes 300000, frags 100000 }
set optimization normal
set skip on lo0
set state-policy if-bound
set timeout interval 300
set timeout src.track 1200
Finally, the box is using EM interfaces with VLAN's and has 4 Gig of physic=
al RAM. There are two PF boxes in Active/Failover and the errors show up o=
n both, although they seem to show up more often on the Backup device, whic=
h seems odd.
Any help would be greatly appreciated. =20
Regards,
Mike
--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksmith@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
--PGP_Universal_5A781E29_FCEFC1C4_1D7F44BB_4804FD13
Content-Type: application/pgp-signature;
name="PGP.sig"
Content-Transfer-Encoding: 7BIT
Content-Disposition: attachment;
filename="PGP.sig"
-----BEGIN PGP SIGNATURE-----
Version: 9.9.1 (Build 287)
iQEVAwUBSXjJ3PTXQhZ+XcVAAQjvdAf9EYGGtY0H+CHvXxHrqf0c7PH8v+RK3KPB
s+SagdF6t3My+qg91pTtbwKOsz3jnYux2WdQzO+d+kvZOqHfpEWT8cgCi6MZBrEI
gODuw32yoiAhEEgtk4Q2jDR8wS1s7USdo8tcv6WteqMUxc7YY7rSvB5ifwzy8Bxw
wYIljG3+cqlBPM1ZSkVsHGilwA4oMc2hWOoSAKP4h4/Lb66dd0kPfqJshaE0BiH/
Bz8ngVISxEEWMOdKhgWsAM15aibOJn7Zqz1KEDPjRJ+U4We0LiJ4t1o/Mz6ZF4Iv
tmin739E6G2WRHhHw/BZqlm+xleqV39tZZU8db+AWeRzdc+FFOJWJQ==
=ziCP
-----END PGP SIGNATURE-----
--PGP_Universal_5A781E29_FCEFC1C4_1D7F44BB_4804FD13--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D520316056585C1>