From: Zinevich Denis
Date: Sat, 28 Feb 2009 12:22:20 +0200
To: "Michael K. Smith - Adhost"
Cc: questions@freebsd.org
Subject: Re: Issues with PF and 7.1

Hello.

Sorry, but I have no exact answer to your question. I have problems with pf on 7.1 too. But I've noticed a difference between 7.1-p2 and 7.1-p3. My problem appears only in p3, not in p2. Maybe your problem is fixed in p3?

Michael K. Smith - Adhost wrote:
> ** Apologies to folks already subscribed to pf@freebsd.org. This was posted there as well but I'm not getting any responses at all so I thought it best to post it here as well. **
>
> We are having memory issues with PF and 7.1p2 that we didn't experience with 6.3. Here's what happens.
>
> # pfctl -f /usr/local/etc/pf.conf
> /usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Cannot allocate memory
> /usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot allocate memory
> pfctl: Syntax error in config file: pf rules not loaded
> # pfctl -t smtpd_reject_policyd -T flush
> 94390 addresses deleted.
> # pfctl -t smtpd_reject_spam -T flush
> 62464 addresses deleted.
> # pfctl -f /usr/local/etc/pf.conf
>
> So, after I flush the tables it loads. Sometimes, however, we get a global out of memory error "DIOCADDRULE: Cannot allocate memory"
>
> Here are my entries from pf.conf for various limits. Everything else is defaults.
>
> set limit tables 500
> set limit table-entries 250000
> set limit { states 1000000, src-nodes 300000, frags 100000 }
> set optimization normal
> set skip on lo0
> set state-policy if-bound
> set timeout interval 300
> set timeout src.track 1200
>
> Finally, the box is using EM interfaces with VLANs and has 4 Gig of physical RAM. There are two PF boxes in Active/Failover and the errors show up on both, although they seem to show up more often on the Backup device, which seems odd.
>
> Any help would be greatly appreciated.
>
> Regards,
>
> Mike
>
> --
> Michael K. Smith - CISSP, GISP
> Chief Technical Officer - Adhost Internet LLC
> mksmith@adhost.com
> w: +1 (206) 404-9500 f: +1 (206) 404-9050
> PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)