** Apologies to folks already subscribed to p...@freebsd.org. This was posted there as well but I'm not getting any responses at all so I thought it best to post it here as well. **
We are having memory issues with PF and 7.1p2 that we didn't experience with
6.3. Here's what happens.
# pfctl -f /usr/local/etc/pf.conf
/usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Cannot
allocate memory
/usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot
allocate memory
pfctl: Syntax error in config file: pf rules not loaded
# pfctl -t smtpd_reject_policyd -T flush
94390 addresses deleted.
# pfctl -t smtpd_reject_spam -T flush
62464 addresses deleted.
# pfctl -f /usr/local/etc/pf.conf
So, after I flush the tables it loads. Sometimes, however, we get a global out
of memory error " DIOCADDRULE: Cannot allocate memory "
Here are my entries from pf.conf for various limits. Everything else is
defaults.
set limit tables 500
set limit table-entries 250000
set limit { states 1000000, src-nodes 300000, frags 100000 }
set optimization normal
set skip on lo0
set state-policy if-bound
set timeout interval 300
set timeout src.track 1200
Finally, the box is using EM interfaces with VLAN's and has 4 Gig of physical
RAM. There are two PF boxes in Active/Failover and the errors show up on both,
although they seem to show up more often on the Backup device, which seems odd.
Any help would be greatly appreciated.
Regards,
Mike
--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksm...@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
PGP.sig
Description: PGP signature
