OK I just updated one of our servers, and upon boot I was greeted with a failure to start message from pf(4). :(

Seems that in an effort to prevent people who are unfamiliar with pf from shooting themselves in the foot, a new oid (restriction) was added: net.pf.request_maxcount and worse; was given an arbitrarily low threshold: 65535

I can say from years of relying on pf, that I have little to no difficulty loading the some 45.7 million addresses in our block tables. The majority of those IPs are in but two of the tables, and can do so on a server with only 4Gb RAM. We have never encountered any freeze/crash upon startup for loading the tables. The (low resource) server I'm referring to also provides web && mail services to some 60 domains.

While I grant you I *should* have read the entry in UPDATING, I think that given the server in question was bombarded as a result of being unable to load the tables. Which IMHO is just as bad, if not worse than having the system wallow from being overloaded during table loading.

How can I remove this/ese added restrictions to pf(4)?
Thank you for all your time, and consideration.

--Chris
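
The failure described in the post (tables too large for net.pf.request_maxcount, so pf does not start and the host boots unfiltered) can be caught before a reboot. The following is an added example, not part of the original post or of FreeBSD: it counts the entries in pf table files and flags any that exceed a limit. The function names are hypothetical, and it assumes one address or CIDR per line with `#` comments and that the limit applies to each table load separately.

```shell
#!/bin/sh
# Added example: pre-flight check of pf table files against a request limit.
# Assumptions: one address/CIDR per line, '#' starts a comment, and the
# limit is applied per table load. File paths are supplied by the operator.

# Count entries in one table file, ignoring comments and blank lines.
pf_table_count() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | wc -l | tr -d ' '
}

# Print "file count" for every file whose entry count exceeds LIMIT.
# Returns 0 when every file fits, 1 when at least one is over the limit.
pf_tables_over_limit() {
    limit=$1; shift
    over=0
    for f in "$@"; do
        n=$(pf_table_count "$f")
        if [ "$n" -gt "$limit" ]; then
            echo "$f $n"
            over=1
        fi
    done
    return "$over"
}

# Limit currently in effect on this host; falls back to the 65535 default
# quoted in the post when the sysctl cannot be read (e.g. pf not loaded).
pf_request_limit() {
    sysctl -n net.pf.request_maxcount 2>/dev/null || echo 65535
}
```

Run `pf_tables_over_limit "$(pf_request_limit)" <table files>` before upgrading or rebooting; a non-zero return means at least one table will not load under the current limit.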