Re: Machine freezes when loading pf ruleset

2015-12-14 Thread Krzysiek
-Original Message- From: owner-freebsd...@freebsd.org [mailto:owner-freebsd- p...@freebsd.org] On Behalf Of Krzysiek Sent: Friday, December 11, 2015 10:43 PM To: freebsd-pf@freebsd.org Subject: Re: Machine freezes when loading pf ruleset W dniu 2015-08-27 o 15:32, Kolontai Andrej p

RE: Machine freezes when loading pf ruleset

2015-12-14 Thread Kolontai Andrej
f Krzysiek >Sent: Friday, December 11, 2015 10:43 PM >To: freebsd-pf@freebsd.org >Subject: Re: Machine freezes when loading pf ruleset > >W dniu 2015-08-27 o 15:32, Kolontai Andrej pisze: >>> The patch provided at https://reviews.freebsd.org/D3503 should help your >case. &g

Re: Machine freezes when loading pf ruleset

2015-12-11 Thread Krzysiek
W dniu 2015-08-27 o 15:32, Kolontai Andrej pisze: The patch provided at https://reviews.freebsd.org/D3503 should help your case. During a full ruleset reload, taking into account so many rules, you will impact normal packet processing. Hence you have the feeling of the box being frozen or not fo

RE: Machine freezes when loading pf ruleset

2015-08-27 Thread Kolontai Andrej
>The patch provided at https://reviews.freebsd.org/D3503 should help your case. >During a full ruleset reload, taking into account so many rules, you will >impact normal packet processing. >Hence you have the feeling of the box being frozen or not forwarding traffic. >That patch reduces the overh

Re: Machine freezes when loading pf ruleset

2015-08-27 Thread Ermal Luçi
On Wed, Aug 26, 2015 at 4:09 PM, Kolontai Andrej < andrej.kolon...@verwaltung.uni-muenchen.de> wrote: > >1.5k rules seems like a lot for PF to handle. > > > >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl > -sr | wc -l' ? > > Yes, that's what is in the conf files. The lat

Re: Machine freezes when loading pf ruleset

2015-08-26 Thread Damien Fleuriot
On 26 August 2015 at 16:09, Kolontai Andrej < andrej.kolon...@verwaltung.uni-muenchen.de> wrote: > >1.5k rules seems like a lot for PF to handle. > > > >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl > -sr | wc -l' ? > > Yes, that's what is in the conf files. The latter c

RE: Machine freezes when loading pf ruleset

2015-08-26 Thread Kolontai Andrej
>1.5k rules seems like a lot for PF to handle. > >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl -sr | >wc -l' ? Yes, that's what is in the conf files. The latter command gives around 3400... >I would suggest you find a way to drastically lower that. Given the number o

Re: Machine freezes when loading pf ruleset

2015-08-26 Thread Damien Fleuriot
On 25 August 2015 at 17:55, Kolontai Andrej < andrej.kolon...@verwaltung.uni-muenchen.de> wrote: > Hello, > > I'm new to this list and I hope it's the right place to ask. > > We have highly utilized installation of two FreeBSD-machines running > 10.1-RELEASE, pf and carp. There are about 50 networ

Machine freezes when loading pf ruleset

2015-08-25 Thread Kolontai Andrej
Hello, I'm new to this list and I hope it's the right place to ask. We have highly utilized installation of two FreeBSD-machines running 10.1-RELEASE, pf and carp. There are about 50 networks (some via vlan, some ipsec) connected to them, usually about 5 pf states, about 1500 rules and tr