I am using pf and have this line:
Code:
set limit { states 1000000, frags 1000000, src-nodes 100000, table-entries 1000000 }
Code:
pfctl -sm
Code:
states hard limit 1000000
src-nodes hard limit 100000
frags hard limit 1000000
table-entries hard limit 1000000
I also tried increasing the src-nodes (in case they were dependent), but that too didn't help. When running:
Code:
pfctl -t BAD_IPS -T replace -f badips
I get:
Code:
pfctl: Invalid argument.
If I set the number of records to 131072, I can then load the table. I have a total of 210400 entries for badips; I would think I should be able to load all of them.
I also did:
Code:
sysctl -a | grep 131072
and it appears one of the keys has that value:
Code:
net.inet.tcp.tcbhashsize: 131072
net.pf.states_hashsize: 131072
Actually, the above appears to be for TCP states, and so that had no impact.