RE: Machine freezes when loading pf ruleset

f Krzysiek >Sent: Friday, December 11, 2015 10:43 PM >To: freebsd-pf@freebsd.org >Subject: Re: Machine freezes when loading pf ruleset > >W dniu 2015-08-27 o 15:32, Kolontai Andrej pisze: >>> The patch provided at https://reviews.freebsd.org/D3503 should help your >case. &g

RE: Machine freezes when loading pf ruleset

>The patch provided at https://reviews.freebsd.org/D3503 should help your case. >During a full ruleset reload, taking into account so many rules, you will >impact normal packet processing. >Hence you have the feeling of the box being frozen or not forwarding traffic. >That patch reduces the overh

RE: Machine freezes when loading pf ruleset

>1.5k rules seems like a lot for PF to handle. > >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl -sr | >wc -l' ? Yes, that's what is in the conf files. The latter command gives around 3400... >I would suggest you find a way to drastically lower that. Given the number o

Machine freezes when loading pf ruleset

Hello, I'm new to this list and I hope it's the right place to ask. We have highly utilized installation of two FreeBSD-machines running 10.1-RELEASE, pf and carp. There are about 50 networks (some via vlan, some ipsec) connected to them, usually about 5 pf states, about 1500 rules and tr