Re: Max table size and Composite Blocking List - 3.4 stable



[email protected] (Cedric Berger) wrote in message news:<[email protected]>...
> Greg McConkey wrote:
> 
> >Anyone getting the Composite Blocking List to load into a table in PF,
> >the 1.4 million lines seems to be too much.  PF seems to complain that
> >there isn't enough memory when loading it manually, using:
> >pfctl -t spamd -Tr -f spamd.cbl
> >Box has 1Gb of ram and about 1Gb of swap on i386.
> >
> >Running spamd-setup it seems to load the 1.4 million lines into spamd
> >but fails when it loads the spamd table into my pf ruleset.
> >
> >What is the max table size that pf can handle, has this changed in
> >3.5?  Spam seems to be getting worse the past week and would like to
> >be able to use the CBL instead of just spamhaus and spews.
> >
> Ok, here it goes. If you want to put tons of IP addresses in your table,
> you need to apply the following patch:
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_table.c.diff?r1=1.47&r2=1.48
> 
> With that patch, you should be able to load up to something like
> 4'000'000 table entries on your i386 with 1G mem. Adding more than
> 1G memory will not help, since the kernel VM space is limited to 768Mb.
> 
> With this patch, there is no need to tweak nkmempages or any other
> button. Please report success or failure!
> Cedric
3.4 stable won't compile by going from version 1.41 to 1.48 of
pf_table.c.  Is this available in 3.5-stable or do you have to be
running current?  Could this be made workable in 3.4 at all?
Greg