The pfrkentry pool holds the table entries. The size of one entry
(depends on architecture, here 216 bytes) multiplied by the number of
entries is 216*70000 = 14.41MB. So 70,000 isn't that large. 700,000
would probably be a challenge, and 7,000,000 would be beyond reasonable
$0.02 added.... http://cbl.abuseat.org/
An example of using an extremely big table would be to try
to use the CBL list, rsync to get it, sed to remove unwanted lines
/usr/local/bin/rsync rsync://rsync.cbl.abuseat.org/cbl/list.txt \
cbl-list.txt.rsync
## example if your IP was 199.233.112.0/24
sed -e 's/^[ \t]*//' -e '/^[0-9]/!d' \
-e '/^199.233.112/d' cbl-list.txt.rsync > cbl-list.txt
## number of IP addresses in the list
# wc -l cbl-list.txt
3112763 cbl-list.txt
That's over 3 million lines, wow. So would that be over 3 million entries,
and with the previous example 3,112,763 * 216 = 672 MB?
Is that math correct? And add the smaller SPEWS list, Korean & China lists
to that also. So how well does pf work with CBL?
...
A good reason to want this list is that it has IPs of many of the
exploited computers that are used as bots.
A nominal i386 computer with only a meg of RAM
without limit changes would not load it.