Date: Wed, 27 Oct 2021 12:02:11 +0200 From: Marcel Bischoff <marcel@herrbischoff.com> To: Chris <bsd-lists@bsdforge.com> Cc: freebsd-pf@freebsd.org Subject: Re: "pfctl: Cannot allocate memory" issue with a large table Message-ID: <YXkizggaUBLvaSCU@herrbischoff.com> In-Reply-To: <fd8751a44b140fb927db1c4009456eff@bsdforge.com> References: <YXRXm4yCW9kblseH@herrbischoff.com> <fd8751a44b140fb927db1c4009456eff@bsdforge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21/10/26, Chris wrote: >Have you reached your STATE limit? >OTOH you might try adding the IPs from the list individually. Something like: > >iplist=" >w.x.y.z >a.b.c.d >... >g.h.i.j >" > >for block in $iplist >do > pfctl -T add -t <your-table-name-here> $block >done > >I'm managing about a half dozen tables with a combined number of a over >quarter of a billion addresses, and don't have a problem. Even on a servers >with as little as 8GB RAM. Thanks for the suggestion. As far as I can tell, this shouldn't be the case, as the server in question is a relatively quiet server with regard to traffic. It is extremely unlikely that more active states than configured are held concurrently. That being said, I have raised the limit temporarily and will be monitoring the situation. Could you please elaborate as to why you think this may be related? I would like to understand the inner workings of pf a bit better. Best, Marcel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YXkizggaUBLvaSCU>