Greg McConkey wrote:

Is anyone getting the Composite Blocking List to load into a table in PF?
The 1.4 million lines seem to be too much.  PF seems to complain that
there isn't enough memory when loading it manually, using:
pfctl -t spamd -Tr -f spamd.cbl
The box has 1GB of RAM and about 1GB of swap on i386.

Running spamd-setup it seems to load the 1.4 million lines into spamd
but fails when it loads the spamd table into my pf ruleset.

What is the max table size that pf can handle? Has this changed in
3.5?  Spam seems to be getting worse the past week and I would like to
be able to use the CBL instead of just spamhaus and spews.

Ok, here it goes. If you want to put tons of IP addresses in your table,
you need to apply the following patch:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_table.c.diff?r1=1.47&r2=1.48

With that patch, you should be able to load up to something like
4'000'000 table entries on your i386 with 1G mem. Adding more than
1G memory will not help, since the kernel VM space is limited to 768MB.

With this patch, there is no need to tweak nkmempages or any other
button. Please report success or failure!
Cedric
