I have my router running in a jail and recently added an IP block list (emerging threats and firehol). ET is relatively small, but firehol is huge (I aggregate all of the lists together and use sort -u to remove duplicates). I have 2 separate pf tables, one for emerging threats and the other for firehol. Whenever I attempt to load the firehol list into my table, pfctl complains; it looks like it must be hitting the table limit, which I had originally set to 200k and have now set to 2M (just for firehol).
That said, on the host, I updated:
sysctl net.pf.request_maxcount=2000000
I also restarted the jail and see that number, but I also see:
vm.uma.pf_table_entries_4.limit.max_items: 200000
vm.uma.pf_table_entries_3.limit.max_items: 200000
vm.uma.pf_table_entries_1.limit.max_items: 200000
vm.uma.pf_table_entries.limit.max_items: 200000
When I try to change those, it complains they're read-only. I think many moons ago, I ran my router on separate physical hardware and I just needed to set the one sysctl. Is there another sysctl I need to set, or do I need to reboot for this to take effect?
I would prefer to avoid having to reboot the physical host.
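The load is gated by two separate limits: pf's own table-entries limit (a pf.conf `set limit table-entries N` value; the `vm.uma.pf_table_entries*.limit.max_items` sysctls are read-only views of the per-pf-instance UMA zone maximum, one zone per VNET, which is why several show up with numeric suffixes) and `net.pf.request_maxcount`, which caps how many addresses a single pfctl request may carry. The script below is an added example, not code from the post or from pf; it aggregates the list files the way the post describes (sort -u), reads the live table-entries hard limit from `pfctl -sm`, and refuses to load when the entry count exceeds either limit, so the failure is reported with the number that matters instead of a bare pfctl error. The table name `firehol`, the `load` subcommand and the temp-file handling are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Checks an aggregated block list
# against pf's table-entries limit and net.pf.request_maxcount before loading
# it with pfctl. Assumes FreeBSD 12+ with pfctl(8) and sysctl(8); the table
# name "firehol" is an assumed example.

# Aggregate list files into one deduplicated file (the post's sort -u),
# dropping comments, whitespace and blank lines. Prints the unique entry count.
aggregate_lists() {
    out=$1; shift
    cat "$@" | sed -e 's/#.*//' -e 's/[[:space:]]//g' | grep -v '^$' | sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# Extract the table-entries hard limit from `pfctl -sm` output, e.g.
#   table-entries hard limit   200000
table_entries_limit() {
    awk '/table-entries/ && /hard limit/ { print $NF }'
}

# Return 0 if `count` entries fit under both the pf table-entries limit and
# net.pf.request_maxcount, 1 (with a message on stderr) otherwise.
# The table-entries limit belongs to the pf instance pfctl talks to, so in a
# VNET jail it is the `set limit table-entries` of the pf.conf loaded in the
# jail; the vm.uma.*.limit.max_items sysctls only mirror it and are read-only.
check_fits() {
    count=$1 limit=$2 maxreq=$3
    if [ "$count" -gt "$limit" ]; then
        echo "list has $count entries but table-entries hard limit is $limit" >&2
        return 1
    fi
    if [ "$count" -gt "$maxreq" ]; then
        echo "list has $count entries but net.pf.request_maxcount is $maxreq" >&2
        return 1
    fi
    return 0
}

# Live run: aggregate the given list files, check the current limits, then
# replace the contents of the (assumed) firehol table in one request.
load_firehol_table() {
    tmp=$(mktemp)
    n=$(aggregate_lists "$tmp" "$@")
    limit=$(pfctl -sm | table_entries_limit)
    maxreq=$(sysctl -n net.pf.request_maxcount)
    check_fits "$n" "$limit" "$maxreq" || { rm -f "$tmp"; return 1; }
    pfctl -t firehol -T replace -f "$tmp"
    rm -f "$tmp"
}

# Usage (assumed interface): sh this_script.sh load /path/to/list1 /path/to/list2 ...
case "${1:-}" in
    load) shift; load_firehol_table "$@" ;;
esac
```

Run inside the jail, since that is the pf instance whose limit applies; if `check_fits` reports the table-entries limit, raise `set limit table-entries` in that jail's pf.conf and reload it with `pfctl -f`, and if it reports `request_maxcount`, raise the sysctl (which the post already did).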