Re: pf problem with table
Reinhold Platzoeder [EMAIL PROTECTED] writes:

> My problem looks like the file is too big to be loaded into pf
> My firewall stops responding when the file has about 7000 IPs in it
> The old file has 104450 IPs in it and I would like to block them

You could try manipulating the table entries limits, i.e.

    set limit table-entries 15

in your pf.conf would set the upper limit for number of entries in a table to 15.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pf problem with table
On Thu, 20 Apr 2006 09:21:40 +0200 [EMAIL PROTECTED] (Peter N. M. Hansteen) wrote:

> Reinhold Platzoeder [EMAIL PROTECTED] writes:
>
> > My problem looks like the file is too big to be loaded into pf
> > My firewall stops responding when the file has about 7000 IPs in it
> > The old file has 104450 IPs in it and I would like to block them
>
> You could try manipulating the table entries limits, i.e.
>
>     set limit table-entries 15
>
> in your pf.conf would set the upper limit for number of entries in a table to 15.

Hi

When I add this option I get a syntax error. I have added it like this

    set limit table-entries 15

and then I tried

    set limit { states 1, frags 5000, table-entries 15 }

Both times I get

    pfctl: Bad pool name.
    /etc/pf.conf:25: unable to set limit table-entries 15
    pfctl: Syntax error in config file: pf rules not loaded

I also tried lowering the number with no success

-- 
Reinhold Platzoeder [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.violetlan.net
RE: pf problem with table
Error msg means there is something wrong with the content of /etc/pfdata/blocklist-p2p. Check that there are no blank lines in that file. Make a file with only ten entries and test. Then add more content until you break it. Maybe 1.7 MB file size is too large for max table size.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Reinhold Platzoeder
Sent: Wednesday, April 19, 2006 2:17 AM
To: freebsd-questions@freebsd.org
Subject: pf problem with table

Hi

I have a problem with FreeBSD 6 and pf. I am trying to load a 1.7M file into pf using a table but I get this error

    /etc/pf.conf:22: cannot define table p2pblock: Cannot allocate memory
    pfctl: Syntax error in config file: pf rules not loaded

The table config in pf.conf is

    table <p2pblock> persist file /etc/pfdata/blocklist-p2p
    block in log quick on $ext_if from <p2pblock> to any

I have tried it on two different machines and both give me the same error. Everything works when I comment these two lines out.

Any ideas as to what I'm doing wrong?

Thanks

-- 
Reinhold Platzoeder [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.violetlan.net
Re: pf problem with table
On Wed, 19 Apr 2006 07:41:33 -0400 fbsd [EMAIL PROTECTED] wrote:

> Error msg means there is something wrong with the content of /etc/pfdata/blocklist-p2p. Check that there are no blank lines in that file. Make a file with only ten entries and test. Then add more content until you break it. Maybe 1.7 MB file size is too large for max table size.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Reinhold Platzoeder
> Sent: Wednesday, April 19, 2006 2:17 AM
> To: freebsd-questions@freebsd.org
> Subject: pf problem with table
>
> Hi
>
> I have a problem with FreeBSD 6 and pf. I am trying to load a 1.7M file into pf using a table but I get this error
>
>     /etc/pf.conf:22: cannot define table p2pblock: Cannot allocate memory
>     pfctl: Syntax error in config file: pf rules not loaded
>
> The table config in pf.conf is
>
>     table <p2pblock> persist file /etc/pfdata/blocklist-p2p
>     block in log quick on $ext_if from <p2pblock> to any
>
> I have tried it on two different machines and both give me the same error. Everything works when I comment these two lines out.
>
> Any ideas as to what I'm doing wrong?
>
> Thanks
>
> -- 
> Reinhold Platzoeder [EMAIL PROTECTED] [EMAIL PROTECTED]
> http://www.violetlan.net

Hi

My problem looks like the file is too big to be loaded into pf.
My firewall stops responding when the file has about 7000 IPs in it.
The old file has 104450 IPs in it and I would like to block them.

Does anyone know how I can get this file to load into pf without killing my machine?

Here is my top stats

    last pid: 4899; load averages: 0.00, 0.00, 0.00 up 1+02:06:53 01:23:55
    30 processes: 1 running, 29 sleeping
    CPU states: 0.0% user, 0.0% nice, 0.0% system, 1.6% interrupt, 98.4% idle
    Mem: 13M Active, 4884K Inact, 23M Wired, 2852K Cache, 13M Buf, 9788K Free
    Swap: 512M Total, 5364K Used, 507M Free, 1% Inuse

Thanks

-- 
Reinhold Platzoeder [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.violetlan.net
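
Added example, not part of any message in this thread: a pre-flight check for a pf table file that follows the two suggestions above (look for blank or broken lines, and compare the entry count with the table-entries limit). It assumes an IPv4-only file with one address or CIDR prefix per line; the function name `check_blocklist` and its LIMIT argument are hypothetical, and LIMIT should be whatever value your pf.conf sets with `set limit table-entries`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes an IPv4-only table file with
# one address or CIDR prefix per line; comment lines starting with # are skipped.
#
# check_blocklist FILE LIMIT
#   prints "entries=N blank=B invalid=I"
#   returns 0 if the file is clean and N <= LIMIT,
#           1 if it has blank or malformed lines,
#           2 if it has more entries than LIMIT.
check_blocklist() {
    awk -v limit="$2" '
        function valid_ip(s,    o, i, k) {
            k = split(s, o, ".")
            if (k != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*$/ { blank++; next }      # blank line
        /^[ \t]*#/ { next }               # comment line
        {
            n = split($1, parts, "/")
            ok = (n <= 2) && valid_ip(parts[1])
            if (ok && n == 2)             # optional prefix length 0..32
                ok = (parts[2] ~ /^[0-9]+$/ && parts[2] + 0 <= 32)
            if (ok)
                entries++
            else
                invalid++
        }
        END {
            printf "entries=%d blank=%d invalid=%d\n", entries, blank, invalid
            if (blank + invalid > 0) exit 1
            if (entries > limit) exit 2
        }
    ' "$1"
}
```

Run it as `check_blocklist /etc/pfdata/blocklist-p2p LIMIT` before reloading the rule set, so a bad or oversized file is caught before pfctl tries to load it.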
Re: PF problem!!!
Fafa Diliha Romanova [EMAIL PROTECTED] writes:

> My question is: Why do I have to type this after every time I've rebooted to make my NAT gateway server allow Internet access to my workstation?

Your rule set does not contain any rules which let packets pass *in* on your internal interface.

Remember, pf.conf is seen from the firewall's perspective. Traffic passes IN from elsewhere on either interface to the firewall, OUT to elsewhere on either interface. You have rules which let traffic pass in to the firewall on the external interface and out from the firewall on the external interface, but none which let traffic in on the internal interface.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
re: PF problem!!!
did you enable the default variables in rc.conf (or rc.conf.local)?

see:

    grep -e pf_ -e pflog /etc/defaults/rc.conf

and set the appropriate variables.

regards,
didier