I'm having a similar issue to what's described here. In my situation I have a table with about 200 entries. I'm attempting to update that table and add about 200 more entries. I've included network blocks this time, with the biggest being a /18. I update my /etc/blackhole.abuse file, then I run pfctl -t abuse -Tflush as described in this thread, and then I reload the pf.conf file with pfctl -f /etc/pf.conf. When I do this, anything in the state table seems to flow as usual; however, any new sessions time out. I'm not sure what's going on. I tried bumping up the table-entries limit with no luck. Any help would be appreciated. I've included the relevant lines from my pf.conf file.

table <abuse> persist file "/etc/blackhole.abuse"
set limit { states 1000000, tables 1000, table-entries 300000 }
block in log quick on { $ext_if } proto { tcp udp } from <abuse> to any label "abuse"

On 6/21/07, Francesco Toscan <[EMAIL PROTECTED]> wrote:
>
> 2007/6/21, Peter N. M. Hansteen <[EMAIL PROTECTED]>:
> >
> > You may be hitting one or more of the several relevant limits, but
> > have you tried something like 'pfctl -T flush -t tablename' before
> > reloading the table data?
>
> Yes, if I first flush the table it works flawlessly. The 'problem'
> occurs only reloading the ruleset directly with pfctl -f, without
> flushing / cleaning anything, when pfctl has two full copies of this
> large_table.
> f.
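
A pre-load check for a table file like /etc/blackhole.abuse, added here as an example (not code from the thread): it counts distinct entries against the table-entries limit with room for the two copies mentioned in the quoted reply, and reports any block that covers a source address whose traffic must keep getting in. The sample entries, the `must_allow` parameter and the doubling check are assumptions made for illustration.

```python
import ipaddress

# Constructed sample table file (documentation/benchmark ranges, not real data).
SAMPLE = """\
192.0.2.0/24
198.51.100.7
198.51.100.7      # duplicate line
203.0.113.0/24
203.0.113.64/26   # already covered by the /24 above
198.18.64.0/18
!192.0.2.10
"""

def parse_table(text):
    """Return (networks, skipped) from table-file text, ignoring '#' comments."""
    nets, skipped = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            skipped.append(entry)  # negated entries, hostnames, typos
    return nets, skipped

def covers(net, other):
    """True if 'other' (a network or a single address) lies inside 'net'."""
    other = ipaddress.ip_network(str(other))
    return net.version == other.version and other.subnet_of(net)

def lint(text, table_entries_limit, must_allow=()):
    nets, skipped = parse_table(text)
    unique = sorted(set(nets), key=str)
    return {
        "entries": len(unique),
        "duplicates": len(nets) - len(unique),
        "redundant": [str(n) for n in unique
                      if any(n != o and covers(o, n) for o in unique)],
        # Assumption: leave room for two full copies during a reload.
        "fits_two_copies": 2 * len(unique) <= table_entries_limit,
        "blocked_must_allow": {a: [str(n) for n in unique if covers(n, a)]
                               for a in must_allow
                               if any(covers(n, a) for n in unique)},
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(lint(SAMPLE, 300000, must_allow=["198.18.100.53", "198.51.100.1"]))
```

Entries listed under `skipped` are not evaluated, so negated entries or hostnames in the file need a manual look.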