Date: Wed, 18 May 2011 15:00:57 +0200
From: "quentin.narvor" <quentin.narvor@ensi-bourges.fr>
To: Richard Brendörfer <neamtu@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Large table issue
Message-ID: <f0e7334eec06e84af364ebc26ce47dc4@ensi-bourges.fr>
In-Reply-To: <BANLkTik_V1%2BzWk%2BeU64ecK3sVOhTq2h-dw@mail.gmail.com>
References: <390946c3b25ae3d887574555a494cb42@ensi-bourges.fr> <BANLkTik_V1%2BzWk%2BeU64ecK3sVOhTq2h-dw@mail.gmail.com>

On Wed, 18 May 2011 15:34:49 +0300, Richard Brendörfer wrote:
> Hi,
> try with _set limit table-entries number_ in pf.conf or split your
> table in 2 or 3 tables.
>

Hi,

I forgot to say that I have already set this option to 3000000 in my pf.conf.

I have tried to split the table into smaller pieces (~450000 entries in each table) but the command "pfctl -f /etc/pf.conf" gives me the same memory issue when loading the third table.

I don't know the precise number but it seems that there is a limit near 1000000 entries for the sum of all tables, even with the limit table-entries set to 3000000.

> On Wed, May 18, 2011 at 2:03 PM, quentin.narvor wrote:
>
>> I am trying to detect problems on hosts in my network: I want to
>> detect when a communication occurs with a compromised host.
>> I have built a blacklist which holds nearly 2 million IPs (spam,
>> malware... hosts).
>>
>> But I can't load it into pf, I get this when I try:
>>
>> /etc/pf.conf:6: cannot define table bl: Cannot allocate memory
>> pfctl: Syntax error in config file: pf rules not loaded
>>
>> I suspect there is a memory limitation somewhere (in the kernel??)
>> which prevents me from loading the table but I am not very
>> comfortable with kernel variables.
>> I have already tried modifying kern.maxssiz and kern.dflsiz without
>> success.
>>
>> Any idea?