[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Re: pfctl limits on number of tables
From:       peter () bsdly ! net (Peter N !  M !  Hansteen)
Date:       2007-10-19 6:10:15
Message-ID: 87odev7hyw.fsf () thingy ! datadok ! no
[Download RAW message or body]

Russell Fulton <r.fulton@auckland.ac.nz> writes:

> These tables are at the end of a long list of table definitions and my
> immediate guess was that we had exceeded some resource limitation
> (memory -- clearly) that pf used when building the tables.

You can tweak the limits via 'set limit' options in your pf.conf,
within the limits of actually available memory.  see man pf.conf and
look for 'set limit'. 

Also see Daniel Hartmeier's undeadly.org articles starting with
http://undeadly.org/cgi?action=article&sid=20060927091645 for some
explanation.

The error reporting messages could possibly improved upon too.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
[prev in list] [next in list] [prev in thread] [next in thread]