pf can't get memory for tables

Doug Hardie doug at mail.sermon-archive.info
Thu Feb 16 07:23:40 UTC 2017


> On 15 February 2017, at 22:12, Scott Bennett <bennett at sdf.org> wrote:
> 
>     I have a rather long list of IP addresses and address ranges in a file
> loaded by pf for reference by a block rule.  After the latest addition of a
> batch of addresses to be blocked, I got an error when I tried to reload the
> file into the table in pf.
> 
> hellas# pfctl -f /ztmp3c/pf/pfbnew -t Crackers -T replace
> pfctl: Cannot allocate memory.
> hellas# 
> 
> What value can I increase to accommodate pf, so that it can reload the table?
> (Stopping and restarting pf also fails with the same error message.)  I expect
> to continue adding more addresses into the foreseeable future, so I have to
> be able to continue to satisfy pf's needs.

I believe you are hitting the table-entries hard limit.  See Peter N M Hansteen's "The Book of PF" for details.  The 3rd edition is available here:

https://pdf.k0nsl.org/C/Computer%20and%20Internet%20Collection/2015%20Computer%20and%20Internet%20Collection%20part%201/No%20Starch%20Press%20The%20Book%20of%20PF,%20A%20No-Nonsense%20Guide%20to%20the%20OpenBSD%20Firewall%203rd%20(2015).pdf

Good luck with that URL.  I found it by searching for his name and the book name.  That might be easier than trying to enter that URL.

Anyway, this is addressed in Section 10 in the Limits section.  The limits are changeable quite easily, but there are significant concerns with such.  The book addresses those better than I can.
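
The following is an added example, not part of the original reply: a shell script that compares the number of entries in a table file with the table-entries hard limit and prints a `set limit table-entries` line for pf.conf when the file no longer fits. The sample `pfctl -sm` output, the table contents, the function names and the 25% headroom are constructed assumptions.

```shell
#!/bin/sh
# On a live host the limit text comes from `pfctl -sm` and the entries from
# the table file; constructed samples are embedded here so this runs offline.

# Constructed sample in the layout printed by `pfctl -sm`.
SAMPLE_LIMITS='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
table-entries hard limit   200000'

# Constructed sample table file (documentation address ranges only).
SAMPLE_TABLE='# crackers
192.0.2.0/24
198.51.100.7

203.0.113.0/25   # trailing comment
2001:db8::/32'

# Read `pfctl -sm` style text on stdin, print the table-entries hard limit.
current_limit() {
    awk '$1 == "table-entries" { print $NF }'
}

# Read a table file on stdin and print the entry count. Assumption: after
# stripping # comments, each whitespace-separated token is one entry.
count_entries() {
    sed -e 's/#.*//' | awk '{ n += NF } END { print n + 0 }'
}

# Usage: suggest_limit ENTRIES LIMIT HEADROOM_PCT
# Prints a pf.conf line if ENTRIES plus headroom exceeds LIMIT, else "ok".
# The limit covers addresses in all tables combined, so ENTRIES should be
# the total across every table that pf loads.
suggest_limit() {
    need=$(( $1 + $1 * $3 / 100 ))
    if [ "$need" -gt "$2" ]; then
        echo "set limit table-entries $need"
    else
        echo "ok"
    fi
}

entries=$(printf '%s\n' "$SAMPLE_TABLE" | count_entries)
limit=$(printf '%s\n' "$SAMPLE_LIMITS" | current_limit)
echo "entries=$entries limit=$limit: $(suggest_limit "$entries" "$limit" 25)"
```

On a real system, feed `pfctl -sm` and the table file into `current_limit` and `count_entries` in place of the samples.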




