diff options
author | jim-p <jimp@pfsense.org> | 2012-05-29 10:46:37 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-05-29 10:52:34 -0400 |
commit | d57f6f21b98e5d449d1098faeffedcf99f5431ca (patch) | |
tree | 0e37b71236cb24b57246bf2e14db8e63026e0657 /etc/inc/filter.inc | |
parent | 30b9b160d92431e9b0648c25c5c9bbdcd4f67346 (diff) | |
download | pfsense-d57f6f21b98e5d449d1098faeffedcf99f5431ca.zip pfsense-d57f6f21b98e5d449d1098faeffedcf99f5431ca.tar.gz |
Add a knob to tune the maximum number of tables that can be defined, the pf default of 1000 is too low for systems with >500 aliases.
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 706e6f1..901aabf 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -252,6 +252,15 @@ function filter_configure_sync($delete_states_if_needed = true) { copy("{$g['tmp_path']}/rules.debug", "{$g['tmp_path']}/rules.debug.old"); $rules = ""; + if($config['system']['maximumtables'] <> "" && is_numeric($config['system']['maximumtables'])) { + /* User defined maximum table entries in Advanced menu. */ + $rules .= "set limit tables {$config['system']['maximumtables']}\n"; + } + if($config['system']['maximumtableentries'] <> "" && is_numeric($config['system']['maximumtableentries'])) { + /* User defined maximum table entries in Advanced menu. */ + $rules .= "set limit table-entries {$config['system']['maximumtableentries']}\n"; + } + $rules .= "{$aliases} \n"; $rules .= "{$gateways} \n"; update_filter_reload_status("Setting up logging information"); @@ -274,11 +283,6 @@ function filter_configure_sync($delete_states_if_needed = true) { $rules .= "set limit src-nodes {$max_states}\n"; } - if($config['system']['maximumtableentries'] <> "" && is_numeric($config['system']['maximumtableentries'])) { - /* User defined maximum table entries in Advanced menu. */ - $rules .= "set limit table-entries {$config['system']['maximumtableentries']}\n"; - } - // Configure flowtable support if enabled. flowtable_configure(); |