** Apologies to folks already subscribed to p...@freebsd.org. This was posted there as well but I'm not getting any responses at all so I thought it best to post it here as well. **
We are having memory issues with PF and 7.1p2 that we didn't experience with 6.3. Here's what happens. # pfctl -f /usr/local/etc/pf.conf /usr/local/etc/pf.conf:135: cannot define table smtpd_reject_policyd: Cannot allocate memory /usr/local/etc/pf.conf:139: cannot define table smtpd_reject_spam: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded # pfctl -t smtpd_reject_policyd -T flush 94390 addresses deleted. # pfctl -t smtpd_reject_spam -T flush 62464 addresses deleted. # pfctl -f /usr/local/etc/pf.conf So, after I flush the tables it loads. Sometimes, however, we get a global out of memory error " DIOCADDRULE: Cannot allocate memory " Here are my entries from pf.conf for various limits. Everything else is defaults. set limit tables 500 set limit table-entries 250000 set limit { states 1000000, src-nodes 300000, frags 100000 } set optimization normal set skip on lo0 set state-policy if-bound set timeout interval 300 set timeout src.track 1200 Finally, the box is using EM interfaces with VLAN's and has 4 Gig of physical RAM. There are two PF boxes in Active/Failover and the errors show up on both, although they seem to show up more often on the Backup device, which seems odd. Any help would be greatly appreciated. Regards, Mike -- Michael K. Smith - CISSP, GISP Chief Technical Officer - Adhost Internet LLC mksm...@adhost.com w: +1 (206) 404-9500 f: +1 (206) 404-9050 PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
PGP.sig
Description: PGP signature