From owner-freebsd-questions@FreeBSD.ORG Fri Jan 23 00:36:24 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 458D6106567D for ; Fri, 23 Jan 2009 00:36:24 +0000 (UTC) (envelope-from mksmith@adhost.com) Received: from mail-defer01.adhost.com (mail-defer01.adhost.com [216.211.128.176]) by mx1.freebsd.org (Postfix) with ESMTP id 181798FC1B for ; Fri, 23 Jan 2009 00:36:23 +0000 (UTC) (envelope-from mksmith@adhost.com) Received: from mail-in01.adhost.com (mail-in01.adhost.com [10.212.3.11]) by mail-defer01.adhost.com (Postfix) with ESMTP id CAB0C10B08 for ; Thu, 22 Jan 2009 16:20:18 -0800 (PST) (envelope-from mksmith@adhost.com) Received: from ad-exh01.adhost.lan (exchange.adhost.com [216.211.143.69]) by mail-in01.adhost.com (Postfix) with ESMTP id 20AFE2D74CB for ; Thu, 22 Jan 2009 16:20:17 -0800 (PST) (envelope-from mksmith@adhost.com) X-MimeOLE: Produced By Microsoft Exchange V6.5 MIME-Version: 1.0 x-pgp-encoding-format: MIME x-pgp-mapi-encoding-version: 2.5.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="PGP_Universal_FED48C35_02C41B2A_031AEEB6_2A0A4AE9" x-pgp-encoding-version: 2.0.2 Content-class: urn:content-classes:message Date: Thu, 22 Jan 2009 16:20:16 -0800 Message-ID: <17838240D9A5544AAA5FF95F8D5203160565864E@ad-exh01.adhost.lan> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Issues with PF and 7.1 Thread-Index: Acl88Fn8yIBQIQVcRbOt56+Gcpsy2w== From: "Michael K. Smith - Adhost" To: Cc: Subject: Issues with PF and 7.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2009 00:36:24 -0000 --PGP_Universal_FED48C35_02C41B2A_031AEEB6_2A0A4AE9 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: QUOTED-PRINTABLE ** Apologies to folks already subscribed to pf@freebsd.org. This was poste= d there as well but I'm not getting any responses at all so I thought it be= st to post it here as well. ** We are having memory issues with PF and 7.1p2 that we didn't experience wit= h 6.3. Here's what happens. # pfctl -f /usr/local/etc/pf.conf /usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Canno= t allocate memory /usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot a= llocate memory pfctl: Syntax error in config file: pf rules not loaded # pfctl -t smtpd_reject_policyd -T flush 94390 addresses deleted. # pfctl -t smtpd_reject_spam -T flush 62464 addresses deleted. # pfctl -f /usr/local/etc/pf.conf So, after I flush the tables it loads. Sometimes, however, we get a global= out of memory error " DIOCADDRULE: Cannot allocate memory " Here are my entries from pf.conf for various limits. Everything else is de= faults. set limit tables 500 set limit table-entries 250000 set limit { states 1000000, src-nodes 300000, frags 100000 } set optimization normal set skip on lo0 set state-policy if-bound set timeout interval 300 set timeout src.track 1200 Finally, the box is using EM interfaces with VLAN's and has 4 Gig of physic= al RAM. There are two PF boxes in Active/Failover and the errors show up o= n both, although they seem to show up more often on the Backup device, whic= h seems odd. Any help would be greatly appreciated. =20 Regards, Mike -- Michael K. Smith - CISSP, GISP Chief Technical Officer - Adhost Internet LLC mksmith@adhost.com w: +1 (206) 404-9500 f: +1 (206) 404-9050 PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D) --PGP_Universal_FED48C35_02C41B2A_031AEEB6_2A0A4AE9 Content-Type: application/pgp-signature; name="PGP.sig" Content-Transfer-Encoding: 7BIT Content-Disposition: attachment; filename="PGP.sig" -----BEGIN PGP SIGNATURE----- Version: 9.9.1 (Build 287) iQEVAwUBSXkNQPTXQhZ+XcVAAQj/7wf/bHvmfnTBbZFh5KISKiDktiFMSUFjT+hT UZxEcopgEozkRye5GgC1mW9YiFYUnHrluNsd5dRGiCrfFAujvSKjMGVlVf8qhcHN EKzjhxG54OTIuNk6JdKCZ0A2wD9ffZfua0rhzxFd0oKyMD67v1M5yjcROa6vxupE Swbuyq+0V7mkyjminwxYWi0dSc9BtG0CXRQ14hk2briD5DrAUuiGiQaRyAk3m64O NeWgJ4aJpVWvkBJow8p6S2S3QF4jJ95JC3fkj5w4Pqu4VGNtSQdaHBEw7gWSVtvS wFSlbAPcDgsh5mX+zJmLpCPkCkkFfaITeEprrvYNtRG0xK2NG6KpVQ== =VUfm -----END PGP SIGNATURE----- --PGP_Universal_FED48C35_02C41B2A_031AEEB6_2A0A4AE9--