On Thu, 14 Jun 2018 21:44:08 +0200 "Miroslav Lachman" <000.f...@quip.cz> said
Dave Horsfall wrote on 2018/06/14 19:40:
> I can't get access to kernel sauce right now, but I'm hitting over 1,000
> entries from woodpeckers[*] etc; is there some upper limit, or is it
> just purely dynamic?
>
> aneurin% freebsd-version
> 10.4-RELEASE-p9
One of our customers has a machine with 10.4 too. They are blocking all
Tor IP addresses. The table has 272574 entries now.
There were (and are) some problems with reloading PF:
# service pf reload
Reloading pf rules.
/etc/pf.conf:37: cannot define table reserved: Cannot allocate memory
/etc/pf.conf:38: cannot define table czech_net: Cannot allocate memory
/etc/pf.conf:39: cannot define table goodguys: Cannot allocate memory
/etc/pf.conf:40: cannot define table badguys: Cannot allocate memory
/etc/pf.conf:41: cannot define table tor_net: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded
Even if there is "set limit table-entries 300000".
I do not understand PF internals, but I think PF needs twice the memory
for a reload (if there are already a lot of entries), because the
workaround for this was as simple as reloading PF with an empty table and
then loading the table entries:
# mv /etc/pf.tor_net.table /etc/pf.tor_net.table.BaK
# touch /etc/pf.tor_net.table
# pfctl -t tor_net -T flush
201703 addresses deleted.
# pfctl -vf /etc/pf.conf
# pfctl -t tor_net -T replace -f /etc/pf.tor_net.table.BaK
So loading all entries into an empty table works fine, but reloading
didn't work.
Sorry, looks like I might be coming to the party a little late, but I'm
currently running a 9.3 box that runs as an IP (service) filter for much
of a network. While I've patched the box well enough to keep it safe to
continue running, I am reluctant to up(grade|date) it to 11, or CURRENT,
based on some of the information related to topics like this thread.
Currently, the 9.3 box maintains some 18 million entries *just* within
the SPAM related table. The other tables contain no less than 1 million.
As it stands I have *no* trouble loading pf(4) with all of the tables
totaling some 20+ million entries, *even* when the BOX is working with
as little as 4 GB RAM.
Has something in pf(4) changed since 9.3 that would now prevent me
from continuing to use my current setup and tables?
Thanks!
--Chris
Miroslav Lachman
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
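The reload workaround Miroslav posted (empty the table file, flush the in-kernel table, load the ruleset, then push the saved entries back with "pfctl -T replace"), wrapped into a script so it can be repeated without typing the four commands by hand. This is an added example and not code from the thread or from the FreeBSD project; the pfctl invocations are the ones shown above, while the table name, the table file path and the pf.conf path are taken as arguments (assumptions), and restoring the original file if a step fails is my addition. The PFCTL variable only exists so the sequence can be exercised against a stub without a real pf(4).

```shell
#!/bin/sh
# Workaround for "cannot define table <name>: Cannot allocate memory" on
# `service pf reload` when one table is very large.  Added example; the
# table name, the table file and the pf.conf path are assumptions passed
# as arguments.
#
# Order of operations (as posted in the thread):
#   1. keep the full address list aside and empty the file pf.conf references
#   2. flush the in-kernel table so the reload does not have to hold the
#      old and the new copy of the table at the same time
#   3. load the ruleset (the big table is now defined, but empty)
#   4. put the saved list back and repopulate the table with -T replace

set -u

# Override with a stub for testing; defaults to the real pfctl(8).
PFCTL="${PFCTL:-pfctl}"

# reload_pf_big_table TABLE FILE [PF_CONF]
# Returns non-zero and puts FILE back in its original state if any step fails.
reload_pf_big_table() {
    table="$1"
    file="$2"
    conf="${3:-/etc/pf.conf}"
    backup="$file.BaK"

    # step 1: save the list, make the referenced file empty
    cp "$file" "$backup" || return 1
    : > "$file"

    # step 2: drop the in-kernel entries (frees the memory the reload needs)
    "$PFCTL" -t "$table" -T flush || { mv "$backup" "$file"; return 1; }

    # step 3: load the ruleset with the table empty
    if ! "$PFCTL" -f "$conf"; then
        mv "$backup" "$file"
        return 1
    fi

    # step 4: restore the file and refill the table in one replace
    mv "$backup" "$file" || return 1
    "$PFCTL" -t "$table" -T replace -f "$file"
}

# count_entries FILE: address lines in a table file (blank and '#' lines
# ignored), for comparing against "set limit table-entries" before reloading.
count_entries() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

# entries_fit FILE LIMIT: succeed when FILE has fewer entries than LIMIT.
entries_fit() {
    [ "$(count_entries "$1")" -lt "$2" ]
}

# Usage: sh reload_table.sh tor_net /etc/pf.tor_net.table [/etc/pf.conf]
if [ "$#" -gt 0 ]; then
    reload_pf_big_table "$@"
fi
```

Run it as root with the table name and file; it exits non-zero and leaves the table file untouched if pfctl refuses the flush or the ruleset, so a failed reload does not leave you with an empty blocklist on disk. The entries_fit check is worth running first: a list larger than the configured table-entries limit will still fail at step 4 even though the ruleset itself loads.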