Subject: Re: ipf - rule set size limit?
To: Gene ENonymous <yancm@sdf.lonestar.org>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 11/04/2004 17:30:55
On Wed, Nov 03, 2004 at 03:09:01PM +0000, Gene ENonymous wrote:
> I would like to implement the Peer Guardian block list (using ipf rules)
> for spyware/adware.
> 
> After processing the rule set into ipf format, I end up with about
> 20,000 rules (maybe 2000 are duplicates?).
> 
> Running NetBSD 1.6.2 on i386 (166 MHz Pentium w/56M Ram) I attempted to
> load the ruleset.
> 
> First I tried the whole ruleset...it hung my system requiring a
> power cycle reboot. (ouch)
> 
> Then I broke the rule set into 2 files of <= 10,000 rules each. ipf -f file1.rules
> loaded fine. But when I tried ipf -f file2.rules...it locked my system again requiring
> another power cycle reboot. 
> 
> Having used NetBSD for several years, I have only rarely run into system lock situations...
> 
> So, does anyone here know
>    a) if there is a hard limit to the rule set size with ipf?

Maybe, check the ipf files in sys/netinet/.
There is probably a #define here that you can increase.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
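The poster's own workaround in the thread was to split the rule set by hand and load each piece with ipf -f. The script below is an added example, not code from either participant or from the ipf project: it strips comments and blank lines, drops exact duplicate rules while keeping first-seen order (order matters for ipf "quick" rules), writes the result in fixed-size chunk files, and loads them one at a time so a failure can be narrowed to one chunk. The rule lines are constructed for illustration; the only assumptions are one rule per line in ipf syntax and the ipf -f invocation already quoted in the thread (the IPF variable lets you point at a stub binary to rehearse the loading loop without touching the firewall).

```shell
#!/bin/sh
# Added example (not from the thread): deduplicate and batch an ipf rule
# file before loading it. Assumes one rule per line in ipf syntax.

# Constructed sample rule set: comments, blank lines and two duplicates.
make_sample_rules() {
  cat > "$1" <<'EOF'
# constructed block-list excerpt, not a real list
block in quick from 192.0.2.0/24 to any
block in quick from 198.51.100.7/32 to any

block in quick from 192.0.2.0/24 to any
block out quick from any to 203.0.113.0/24
block in quick from 198.51.100.7/32 to any
EOF
}

# Print only real rules: strip comments and trailing whitespace, skip
# blank lines, drop exact duplicates but keep the first occurrence's
# position so rule ordering is preserved.
dedupe_rules() {
  sed -e 's/#.*$//' -e 's/[[:space:]]*$//' "$1" | awk 'NF && !seen[$0]++'
}

# Number of rules that would actually be loaded after deduplication.
count_rules() {
  dedupe_rules "$1" | wc -l | tr -d ' '
}

# Write the deduplicated rules to files $3.000, $3.001, ... holding at
# most $2 rules each (done in awk rather than split(1) for portability).
# Prints the number of chunk files written.
split_rules() {
  dedupe_rules "$1" | awk -v n="$2" -v p="$3" '
    (NR - 1) % n == 0 {
      if (out) close(out)
      out = sprintf("%s.%03d", p, int((NR - 1) / n))
    }
    { print > out }'
  ls "$3".* 2>/dev/null | wc -l | tr -d ' '
}

# Load each chunk in order with "ipf -f", stopping at the first failure
# so the offending chunk is known. IPF may be overridden (e.g. IPF=true)
# to rehearse the loop without a live firewall.
load_in_batches() {
  prefix=$1
  for f in "$prefix".*; do
    printf 'loading %s (%s rules)\n' "$f" "$(wc -l < "$f" | tr -d ' ')"
    ${IPF:-ipf} -f "$f" || { echo "load failed at $f" >&2; return 1; }
  done
}
```

Typical use on a real list: `split_rules /etc/ipf.blocklist 2000 /tmp/ipf.chunk` followed by `load_in_batches /tmp/ipf.chunk`; a smaller chunk size shortens the search when one batch hangs the box, and the dedup step alone removes the roughly 10% of redundant rules the poster suspected.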