NPF tuning

To: tech-net%netbsd.org@localhost
Subject: NPF tuning
From: Egerváry Gergely <gergely%egervary.hu@localhost>
Date: Sun, 15 Jan 2017 14:26:49 +0100

Hi,

It seems I cannot load a ruleset with more than 120 (128?) rules:
  npfctl: npfctl_config_send: Invalid argument

Is there a limit on rule count? How to raise?

In IPFilter and PF I also have to tune some other limits, eg. state
table size, max frag size, etc.

PF:

set limit states 120000
set limit frags 20000

IPFilter:

ipfilter_flags="-Tstate_max=30011,state_size=40009,nat_table_size=40009,nat_table_max=120000"


Isn't this necessary on NPF? Can it play well with ~80.000 states by
default?

Thanks,
--
Gergely EGERVARY

Follow-Ups:
- Re: NPF tuning
  - From: Mindaugas Rasiukevicius
- Re: NPF tuning
  - From: Mindaugas Rasiukevicius
- Re: NPF tuning
  - From: Egerváry Gergely

Prev by Date: Re: MSS clamping in NPF
Next by Date: Re: NPF tuning
Previous by Thread: MSS clamping in NPF
Next by Thread: Re: NPF tuning
Indexes:

Home | Main Index | Thread Index | Old Index