I have PF rules with some large tables. The biggest one is with Tor IPs - 198239 entries in table tor_net.

When I try to reload PF I get errors like these:

/etc/pf.conf.tmp:37: cannot define table reserved: Cannot allocate memory
table <czech_net> persist file "/etc/pf.czech_net.table"
/etc/pf.conf.tmp:38: cannot define table czech_net: Cannot allocate memory
table <goodguys> persist file "/etc/pf.goodguys.table"
/etc/pf.conf.tmp:39: cannot define table goodguys: Cannot allocate memory
table <badguys> persist file "/etc/pf.badguys.table"
/etc/pf.conf.tmp:40: cannot define table badguys: Cannot allocate memory
table <tor_net> persist file "/etc/pf.tor_net.table"
table <bruteforce> persist
table <ssh_bruteforce> persist
set limit table-entries 300000
set block-policy drop
set loginterface em1
set skip on { lo0 xyz1 }
pfctl: Syntax error in config file: pf rules not loaded


A possible workaround is to flush table tor_net, reload PF and then add IPs to the table tor_net.

Is there something I can tune to prevent these errors?

This is on FreeBSD 10.3-RELEASE-p18 amd64 GENERIC

Miroslav Lachman
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
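Added example, not from the original post: pf allocates table entries from one pool capped by "set limit table-entries", and during "pfctl -f" the new tables are built next to the still-active ones, so roughly twice the total entry count must fit or the load fails with "Cannot allocate memory". The script below checks that before reloading and otherwise falls back to the flush/reload/repopulate workaround described above; the table name and file path passed to reload_pf are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's script). Raising "set limit table-entries"
# in pf.conf to at least twice the combined table size is the permanent fix;
# this wrapper measures the active ruleset and picks a safe reload path.

# Sum the "Addresses: N" lines of `pfctl -vvsT` output read from stdin.
count_active_entries() {
    awk '/Addresses:/ { total += $2 } END { print total + 0 }'
}

# Extract the table-entries hard limit from `pfctl -s memory` on stdin.
table_entries_limit() {
    awk '/^table-entries/ { print $4 }'
}

# Print "ok" when a second copy of the active entries still fits under the
# limit, "flush" when the reload would exceed it.
reload_strategy() {   # $1 = active entries, $2 = limit
    if [ $(( $1 * 2 )) -le "$2" ]; then echo ok; else echo flush; fi
}

# Live wrapper (root, pf loaded): $1 = pf.conf, $2 = largest table name,
# $3 = its address file. Not invoked here; call it explicitly.
reload_pf() {
    active=$(pfctl -vvsT | count_active_entries)
    limit=$(pfctl -s memory | table_entries_limit)
    if [ "$(reload_strategy "$active" "$limit")" = ok ]; then
        pfctl -f "$1"
    else
        pfctl -t "$2" -T flush            # free the big table's entries first
        pfctl -f "$1"                     # the new ruleset now fits
        pfctl -t "$2" -T replace -f "$3"  # repopulate atomically (no-op if
                                          # "persist file" already did it)
    fi
}
```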