>The patch provided at https://reviews.freebsd.org/D3503 should help your case.
>During a full ruleset reload, taking into account so many rules, you will
>impact normal packet processing.
>Hence you have the feeling of the box being frozen or not forwarding traffic.
>That patch reduces the overh
On Wed, Aug 26, 2015 at 4:09 PM, Kolontai Andrej <andrej.kolon...@verwaltung.uni-muenchen.de> wrote:
> >1.5k rules seems like a lot for PF to handle.
> >
> >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl -sr | wc -l' ?
>
> Yes, that's what is in the conf files. The lat