Date: Fri, 25 Aug 2017 14:41:46 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-pf@FreeBSD.org
Subject: PF cannot allocate memory on reload
Message-ID: <59A01B0A.6050407@quip.cz>

I have PF rules with some large tables. The biggest one is with Tor IPs
- 198239 entries in table tor_net.
When I try to reload PF I get errors like these:
/etc/pf.conf.tmp:37: cannot define table reserved: Cannot allocate memory
table <czech_net> persist file "/etc/pf.czech_net.table"
/etc/pf.conf.tmp:38: cannot define table czech_net: Cannot allocate memory
table <goodguys> persist file "/etc/pf.goodguys.table"
/etc/pf.conf.tmp:39: cannot define table goodguys: Cannot allocate memory
table <badguys> persist file "/etc/pf.badguys.table"
/etc/pf.conf.tmp:40: cannot define table badguys: Cannot allocate memory
table <tor_net> persist file "/etc/pf.tor_net.table"
table <bruteforce> persist
table <ssh_bruteforce> persist
set limit table-entries 300000
set block-policy drop
set loginterface em1
set skip on { lo0 xyz1 }
pfctl: Syntax error in config file: pf rules not loaded
A possible workaround is to flush table tor_net, reload PF and then
add IPs to the table tor_net.
Is there something I can tune to prevent these errors?
This is on FreeBSD 10.3-RELEASE-p18 amd64 GENERIC
Miroslav Lachman
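
The workaround described in the message above (flush tor_net, reload PF, re-add the addresses), written out as an added shell example that is not part of the original e-mail. The function name and variables are hypothetical; the paths default to those shown in the pfctl output. It checks the ruleset with a parse-only run before flushing and refills the table even when the reload fails, because rules matching <tor_net> see an empty table between the flush and the refill.

```shell
#!/bin/sh
# Added example, not from the original message. Function and variable
# names are hypothetical; defaults are the names shown in the message.
PF_CONF="${PF_CONF:-/etc/pf.conf}"
BIG_TABLE="${BIG_TABLE:-tor_net}"
BIG_TABLE_FILE="${BIG_TABLE_FILE:-/etc/pf.tor_net.table}"

# Return codes: 0 ok, 1 ruleset did not parse (nothing was changed),
# 2 flush failed, 3 reload failed, 4 table not repopulated.
pf_reload_flushing_big_table() {
    # Parse only (-n): a typo in pf.conf must not cost the table contents.
    pfctl -n -f "$PF_CONF" >/dev/null || return 1

    # From here until the refill, rules matching the table see it empty.
    pfctl -t "$BIG_TABLE" -T flush || return 2

    rc=0
    pfctl -f "$PF_CONF" || rc=3

    # Refill even if the reload failed, so the ruleset that is still
    # active gets its address list back.
    pfctl -t "$BIG_TABLE" -T add -f "$BIG_TABLE_FILE" || rc=4

    # Confirm the table is populated again before reporting success.
    loaded=$(($(pfctl -t "$BIG_TABLE" -T show | wc -l)))
    [ "$loaded" -gt 0 ] || rc=4
    echo "$BIG_TABLE: $loaded entries loaded" >&2
    return "$rc"
}
```

Run it as root from a script or cron job by calling pf_reload_flushing_big_table and acting on its return code.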
