I use pf on FreeBSD 8.1-stable as my firewall of choice. Recently I’ve started using the University of Alberta list of trapped addresses. As of the time of writing this, the list contains about 56,000 IP addresses. When combined with my own list of 27,000 SPAMTRAP addresses, I quickly ran into a problem when reloading my rule set:

$ sudo pfctl -f /etc/pf.rules
No ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.rules:69: cannot define table spamd-ualberta: Cannot allocate memory
pfctl: Syntax error in config file: pf rules not loaded

Searching for this message provided the following suggestion:
set limit table-entries 200000
Looking at the existing limits, I saw:

$ sudo pfctl -s memory
No ALTQ support in kernel
ALTQ related functions disabled
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   100000

However, that didn’t solve the issue. I encountered the same error again. So I killed the table and tried again:

$ sudo pfctl -T kill -t spamd-ualberta
No ALTQ support in kernel
ALTQ related functions disabled
1 table deleted.
$ sudo pfctl -f /etc/pf.rules
No ALTQ support in kernel
ALTQ related functions disabled

Success!
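
A pre-flight check for the limit discussed above, as an added example that is not part of the original post: it reads the table-entries hard limit from `pfctl -s memory` output and compares it with the number of entries in the table files before a reload. The function names, the headroom factor and the sample table files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for pf table sizes.

# Output of `pfctl -s memory` as shown in the post, embedded so this runs offline.
SAMPLE_MEMORY='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   100000'

# Read `pfctl -s memory` output on stdin, print the table-entries hard limit.
pf_table_limit() {
    awk '$1 == "table-entries" && $2 == "hard" && $3 == "limit" { print $4 }'
}

# Count entries in table files: one address or CIDR block per line,
# ignoring blank lines and anything after "#".
count_entries() {
    awk '{ sub(/#.*/, "") } NF { n++ } END { print n + 0 }' "$@"
}

# check_tables LIMIT FACTOR FILE...
# FACTOR is a headroom multiplier chosen by the caller (an assumption of this example).
# Prints a summary; returns 0 when entries * FACTOR <= LIMIT, 1 otherwise.
check_tables() {
    limit=$1 factor=$2
    shift 2
    total=$(count_entries "$@")
    need=$((total * factor))
    echo "entries=$total needed=$need limit=$limit"
    [ "$need" -le "$limit" ]
}

# Demo with constructed table files (3 + 2 entries) against the sample limit.
demo() {
    dir=$(mktemp -d) || return 1
    printf '# constructed sample\n192.0.2.1\n192.0.2.2\n\n198.51.100.0/24\n' > "$dir/a.txt"
    printf '203.0.113.7 # constructed entry\n203.0.113.8\n' > "$dir/b.txt"
    limit=$(printf '%s\n' "$SAMPLE_MEMORY" | pf_table_limit)
    check_tables "$limit" 2 "$dir/a.txt" "$dir/b.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

On a live system the limit would come from `sudo pfctl -s memory | pf_table_limit`, and the files passed to `check_tables` would be the ones the rule set loads its tables from.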
Thank you, still helpful in 2021 FreeBSD 13.
Check typo in the kill command there is extra “-T”.
Fixed, Thank you.