Subject: ipf - rule set size limit?
To: None <tech-net@netbsd.org>
From: Gene ENonymous <yancm@sdf.lonestar.org>
List: tech-net
Date: 11/03/2004 15:09:01
I would like to implement the Peer Guardian block list (using ipf rules)
for spyware/adware.

After processing the rule set into ipf format, I end up with about
20,000 rules (maybe 2000 are duplicates?).

Running NetBSD 1.6.2 on i386 (166 MHz Pentium w/56M RAM), I attempted to
load the ruleset.

First I tried the whole ruleset... it hung my system, requiring a
power-cycle reboot. (ouch)

Then I broke the rule set into 2 files of <= 10,000 rules each. ipf -f file1.rules
loaded fine. But when I tried ipf -f file2.rules... it locked my system again, requiring
another power-cycle reboot.

Having used NetBSD for several years, I have only rarely run into system lock situations...

So, does anyone here know
   a) if there is a hard limit to the rule set size with ipf?
   b) if it's not a hard limit, any suggestions on why I'm locking up and how to fix it?
   c) is there some better way to block large numbers of undesirable subnets from accessing my box?

Thanks in advance.
gene
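Added example (not part of the original post, and not NetBSD or ipf project code): before generating ipf rules from a block list, deduplicate the entries and collapse adjacent ranges into the minimal set of CIDR networks, which is the part of the rule count the administrator controls. It assumes the list is in the Peer Guardian "p2p" text format (one "label:first-last" line per range); the sample lines are constructed.

```python
import ipaddress

# Constructed sample in the assumed p2p format ("label:first-last" per line),
# including a duplicate range and two adjacent halves of one /24.
SAMPLE_LIST = """\
Example adware range:192.0.2.0-192.0.2.255
Example adware range:192.0.2.0-192.0.2.255
Example spyware host:198.51.100.7-198.51.100.7
Example spyware host:198.51.100.8-198.51.100.15
Example tracker block:203.0.113.0-203.0.113.127
Example tracker block:203.0.113.128-203.0.113.255
"""


def parse_ranges(text):
    """Parse p2p-format lines into (first, last) IPv4Address pairs, skipping junk."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        _, _, span = line.rpartition(":")   # the label itself may contain ':'
        first, sep, last = span.partition("-")
        if not sep:
            last = first                     # single address written without '-'
        try:
            a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        except ipaddress.AddressValueError:
            continue                         # malformed entry: leave it out
        if b < a:
            a, b = b, a
        ranges.append((a, b))
    return ranges


def aggregate(ranges):
    """Collapse ranges into the minimal list of CIDR networks (dedup + merge adjacent)."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def to_ipf_rules(networks):
    """Emit one ipf 'block in quick' rule per aggregated network."""
    return ["block in quick from %s to any" % net for net in networks]


if __name__ == "__main__":
    print("\n".join(to_ipf_rules(aggregate(parse_ranges(SAMPLE_LIST)))))
```

On the constructed sample, six list entries become four rules; on a real list the saving depends on how many entries overlap or sit on CIDR boundaries.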