From: Stuart Henderson (stu spacehopper.org)
Date: Wed Oct 08 2008 - 17:07:55 CDT

On 2008-10-07, Henning Brauer <lists-openbsd bsws.de> wrote:
> * Christophe Rioux <CRioux viseo.net> [2008-10-07 13:15]:
>> > # pfctl -f pf.conf
>> > pfctl: failed to create table __automatic_e11ee055_282 in :
>> > Cannot allocate memory
>
> so the ruleset optimizer optimized a large list of addresses into a
> table for you. then allocating memory for that table failed.

it optimized the large lists to _multiple_ tables, one per rule
referencing them. consider how the implementation of port lists
works e.g. { 80 443 25 110 } expands to 4 rules and you'll see
how this can affect some rulesets. (pfctl -nvf pf.conf shows how
this works visually).

here's a smarter workaround that lets you turn the optimizer back on:
identify the macros for frequently used groups of hosts, especially
where large numbers of ports are involved, and convert them to
tables yourself.
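
The workaround described in the message above, shown as a pf.conf fragment. This is an added example, not part of the original post or thread; the interface name, the macro/table name mail_web and the 192.0.2.0/24 addresses are constructed assumptions.

```conf
# Constructed example: ext_if, mail_web and all addresses are assumptions,
# not values from the thread.
ext_if = "em0"

# --- Before: host group kept as a macro ---------------------------------
# The port list { 80 443 25 110 } is expanded first, so the address list
# is repeated once per port. As the post describes, the optimizer then
# builds a separate __automatic_* table for each rule that references the
# list, so the same addresses are held in memory several times over.
#
# mail_web = "{ 192.0.2.10, 192.0.2.11, 192.0.2.12, 192.0.2.13, 192.0.2.14, 192.0.2.15 }"
# pass in on $ext_if proto tcp from any to $mail_web port { 80 443 25 110 }

# --- After: host group declared once as a table -------------------------
# The addresses are stored a single time. The port list still expands to
# four rules, but every one of them references the same <mail_web> table,
# so there is no address list left for the optimizer to convert.
table <mail_web> { 192.0.2.10, 192.0.2.11, 192.0.2.12, \
                   192.0.2.13, 192.0.2.14, 192.0.2.15 }

# The optimizer can stay enabled once the large lists are explicit tables.
set ruleset-optimization basic

pass in on $ext_if proto tcp from any to <mail_web> port { 80 443 25 110 }
```

Running pfctl -nvf pf.conf on each form, as the post suggests, prints the expanded rules without loading them, which makes the difference in generated tables visible before anything is committed to the kernel.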