I'm having an issue similar to what's described here.

In my situation I have a table with about 200 entries. I'm attempting to
update that table and add about 200 more entries. I've included network
blocks this time, with the biggest being a /18. I update my
/etc/blackhole.abuse file, then I run pfctl -t abuse -Tflush as described in
this thread, and then I reload the pf.conf file with pfctl -f /etc/pf.conf.
When I do this, anything in the state table seems to flow as usual; however,
any new sessions time out. I'm not sure what's going on. I tried bumping up the
table-entries limit with no luck. Any help would be appreciated. I've
included the relevant lines from my pf.conf file.

table <abuse> persist file "/etc/blackhole.abuse"
set limit { states 1000000, tables 1000, table-entries 300000 }
block in log quick on { $ext_if } proto { tcp udp } from <abuse> to any label "abuse"

On 6/21/07, Francesco Toscan <[EMAIL PROTECTED]> wrote:
>
> 2007/6/21, Peter N. M. Hansteen <[EMAIL PROTECTED]>:
>
> >
> > You may be hitting one or more of the several relevant limits, but
> > have you tried something like 'pfctl -T flush -t tablename' before
> > reloading the table data?
> >
> Yes, if I first flush the table it works flawlessly. The 'problem'
> occurs only reloading the ruleset directly with pfctl -f, without
> flushing / cleaning anything, when pfctl has two full copies of this
> large_table.
> f.
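
A pre-load check for a table file like the /etc/blackhole.abuse described in the message above, as an added example that is not part of the original thread: it reports unparsable lines, IPv4 prefixes broader than the /18 mentioned, and addresses expected to stay reachable that fall inside a blocked range. The function name, sample entries and test addresses are constructed (documentation ranges); hostnames and interface names, which pf also accepts in table files, are reported here as unparsed.

```python
import ipaddress

def lint_pf_table(text, must_reach=(), widest_allowed=18):
    """Check the contents of a pf table file before loading it."""
    entries, unparsed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        negated = line.startswith("!")            # "!" marks a non-matching entry
        try:
            # Assumption: host bits set below the mask are tolerated and masked off.
            net = ipaddress.ip_network(line.lstrip("! "), strict=False)
        except ValueError:
            unparsed.append((lineno, line))
            continue
        entries.append((net, negated))

    # IPv4 entries broader than the widest prefix you meant to block.
    too_wide = [str(n) for n, neg in entries
                if not neg and n.version == 4 and n.prefixlen < widest_allowed]

    # pf tables use the most specific matching entry; a negated one means "no match".
    blocked = []
    for addr in map(ipaddress.ip_address, must_reach):
        hits = [(n, neg) for n, neg in entries
                if n.version == addr.version and addr in n]
        if hits:
            net, neg = max(hits, key=lambda h: h[0].prefixlen)
            if not neg:
                blocked.append((str(addr), str(net)))
    return {"entries": len(entries), "unparsed": unparsed,
            "too_wide": too_wide, "blocked": blocked}

# Constructed sample table file contents (not from the thread).
SAMPLE = """\
# constructed sample entries
192.0.2.0/24
198.51.100.7
203.0.113.0/24
!203.0.113.10
10.0.0.0/8      # broader than /18
300.1.2.3
"""

if __name__ == "__main__":
    print(lint_pf_table(SAMPLE, ["203.0.113.10", "203.0.113.20", "198.51.100.8"]))
```

Run it against the real file contents with the addresses of a few clients or servers that must keep working; an entry in `blocked` means new connections from that address would match the `<abuse>` block rule.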
