On 2008-10-07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> * Christophe Rioux <[EMAIL PROTECTED]> [2008-10-07 13:15]:
>> > # pfctl -f pf.conf
>> > pfctl: failed to create table __automatic_e11ee055_282 in :
>> > Cannot allocate memory
>
> so the ruleset optimizer optimized a large list of addresses into a
> table for you. then allocating memory for that table failed.

it optimized the large lists to _multiple_ tables, one per rule
referencing them. consider how the implementation of port lists
works e.g. { 80 443 25 110 } expands to 4 rules and you'll see
how this can affect some rulesets. (pfctl -nvf pf.conf shows how
this works visually).

here's a smarter workaround that lets you turn the optimizer back on:
identify the macros for frequently used groups of hosts, especially
where large numbers of ports are involved, and convert them to
tables yourself.
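
An added illustration of the workaround described above, not part of the original thread: a pf.conf fragment with the macro form commented out and the explicit table form active. The interface name, the name web_hosts and the addresses are constructed for the example, and a real list would be much longer.

```conf
# Constructed example; interface, names and addresses are assumptions.
ext_if = "em0"

# Assumes the optimizer had been switched off as a stopgap; with the
# explicit table below it can be enabled again.
set ruleset-optimization basic

# Before: a macro holding a list of hosts, used with a port list.
# The port list expands to one rule per port, and the optimizer then
# builds a separate __automatic_* table for each of those rules.
#
# web_hosts = "{ 192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13 \
#                192.0.2.14 192.0.2.15 192.0.2.16 192.0.2.17 }"
# pass in on $ext_if proto tcp from any to $web_hosts \
#     port { 80 443 25 110 }

# After: the same hosts declared once as a named table.
# The rule still expands to one rule per port, but every expanded rule
# refers to the single <web_hosts> table.
table <web_hosts> const { 192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13 \
                          192.0.2.14 192.0.2.15 192.0.2.16 192.0.2.17 }

pass in on $ext_if proto tcp from any to <web_hosts> \
    port { 80 443 25 110 }
```

Loading each variant with pfctl -nvf pf.conf prints the expanded rules without installing them, so the difference in table references can be compared directly.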