[EMAIL PROTECTED] (Cedric Berger) wrote in message news:<[EMAIL PROTECTED]>...
> Greg McConkey wrote:
> 
> >Anyone getting the Composite Blocking List to load into a table in PF?
> >The 1.4 million lines seem to be too much.  PF seems to complain that
> >there isn't enough memory when loading it manually, using:
> >pfctl -t spamd -Tr -f spamd.cbl
> >Box has 1Gb of ram and about 1Gb of swap on i386.
> >
> >Running spamd-setup it seems to load the 1.4 million lines into spamd
> >but fails when it loads the spamd table into my pf ruleset.
> >
> >What is the max table size that pf can handle? Has this changed in
> >3.5?  Spam seems to be getting worse the past week and I would like to
> >be able to use the CBL instead of just spamhaus and spews.
> >
> Ok, here it goes. If you want to put tons of IP addresses in your table,
> you need to apply the following patch:
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_table.c.diff?r1=1.47&r2=1.48
> 
> With that patch, you should be able to load up to something like
> 4'000'000 table entries on your i386 with 1G mem. Adding more than
> 1G memory will not help, since the kernel VM space is limited to 768Mb.
> 
> With this patch, there is no need to tweak nkmempages or any other
> button. Please report success or failure!
> Cedric

Never mind my previous post about the compile error; I made the changes
to the pf_table.c file instead of replacing the whole file and it
compiled just fine.  And it works too.  Tested on a PII 400MHz with 384MB
of RAM. It stops passing traffic for about a minute (64 seconds or so)
when loading the table; I will have to see how the other box, a 2.4GHz P4,
handles it.  Thanks for your help, Cedric.

Greg
