On 26 August 2015 at 16:09, Kolontai Andrej <
andrej.kolon...@verwaltung.uni-muenchen.de> wrote:
> >1.5k rules seems like a lot for PF to handle.
> >
> >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl
> -sr | wc -l' ?
>
> Yes, that's what is in the conf files. The latter c
>1.5k rules seems like a lot for PF to handle.
>
>Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl -sr |
>wc -l' ?
Yes, that's what is in the conf files. The latter command gives around 3400...
>I would suggest you find a way to drastically lower that.
Given the number o
On Wed, Aug 26, 2015 at 1:43 PM, Kristof Provost wrote:
> On 2015-08-25 19:56:59 (+0200), Ermal Luçi wrote:
> > On Sun, Aug 23, 2015 at 5:09 PM, Kristof Provost wrote:
> >
> > >I'm inclined to say that ifgroups and interfaces should share a
> > >namespace. That would certainly help pf,
On 2015-08-25 19:56:59 (+0200), Ermal Luçi wrote:
> On Sun, Aug 23, 2015 at 5:09 PM, Kristof Provost wrote:
>
> >I'm inclined to say that ifgroups and interfaces should share a
> >namespace. That would certainly help pf, because it uses both
> >interchangeably, which just doesn't wor
On 25 August 2015 at 17:55, Kolontai Andrej <
andrej.kolon...@verwaltung.uni-muenchen.de> wrote:
> Hello,
>
> I'm new to this list and I hope it's the right place to ask.
>
> We have highly utilized installation of two FreeBSD-machines running
> 10.1-RELEASE, pf and carp. There are about 50 networ
