Subject: Re: ipf - rule set size limit? (*UPDATE*)
To: Gene ENonymous <yancm@sdf.lonestar.org>
From: Clifton Royston <cliftonr@tikitechnologies.com>
List: tech-net
Date: 11/09/2004 09:27:33
On Tue, Nov 09, 2004 at 06:17:25PM +0000, Gene ENonymous wrote:
> Just to update the fine folks who answered me on and off the lists...
> [netbsd - tech-net and ipf]
> 
> I subdivided the rule sets into 256 subnets (less actually because
> many were empty and hence not listed at all.) which means no packet
> needs to match more than about 1000 rules to fully traverse the full
> 20,000+ rule ipf rule-set.
> 
> I never got a crystal clear answer to my original question about rule set
> size limits, but that question is moot since the grouping approach allowed
> me to load all my rules without crashing.

  FWIW, I think Darren's message implied (though he didn't say) that
there is no hard-coded limit, and that the number of loadable rules
depends only on your available RAM.

   -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
Did you ever fly a kite in bed?  Did you ever walk with ten cats on your head?
  Did you ever milk this kind of cow?  Well we can do it.  We know how.
If you never did, you should.  These things are fun, and fun is good.
                                                                 -- Dr. Seuss
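
The grouping approach described in the quoted message, sketched as an added example (not code from either poster or from the IPFilter project). It assumes the "256 subnets" are first-octet /8 buckets and that the rule set is a block list; the interface name `fxp0`, the pass/block actions and the group numbering are likewise assumptions. Only ipf's `head` and `group` keywords are taken as given.

```python
import ipaddress
from collections import defaultdict

GROUP_BASE = 100  # assumption: groups 100..355, keeping clear of default group 0

# Constructed sample input (documentation/benchmark ranges), not real data.
SAMPLE = ["192.0.2.10", "192.0.2.64/26", "198.51.100.0/24",
          "198.51.100.77", "198.18.0.0/15", "203.0.113.5", "192.0.2.10"]

def build_grouped_rules(networks, iface="fxp0"):
    """Bucket IPv4 sources by first octet and emit ipf rules.

    Returns (rule_lines, worst_case), where worst_case is the number of
    rules one packet can be compared against: every head rule plus the
    members of the largest single group.
    """
    buckets = defaultdict(set)  # set() drops duplicate entries
    for text in networks:
        net = ipaddress.ip_network(text.strip(), strict=False)
        if net.version != 4 or net.prefixlen < 8:
            # A prefix shorter than /8 spans several octets and cannot
            # live in exactly one first-octet group.
            raise ValueError(f"cannot bucket {net} by first octet")
        buckets[net.network_address.packed[0]].add(net)

    lines = []
    for octet in sorted(buckets):  # empty octets produce no head rule at all
        group = GROUP_BASE + octet
        # Head rule: only packets from this /8 descend into the group.
        lines.append(f"pass in on {iface} from {octet}.0.0.0/8 to any head {group}")
        for net in sorted(buckets[octet]):
            lines.append(f"block in quick on {iface} from {net} to any group {group}")

    largest = max((len(v) for v in buckets.values()), default=0)
    return lines, len(buckets) + largest

if __name__ == "__main__":
    rules, worst = build_grouped_rules(SAMPLE)
    print("\n".join(rules))
    print(f"# worst-case comparisons per packet: {worst}")
```

The worst-case figure is the quantity the quoted message bounds at about 1000; on a real list it shows whether any single /8 bucket is large enough to need a second level of grouping.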