OpenBSD PF Developer Interview, Part 2

"pf itself doesn't impose many limits. We have the settable state and fragment limits to prevent pool exhaustion; the amount of memory available for the pools used by pf varies depending on the hardware.

I don't have exact numbers, but 50,000 state entries are not a problem on an i386 with 128 MB. That said, there is ongoing work which changes the way OpenBSD handles kernel memory used for the network stack; pf is not special here. This will allow for both more efficient usage, backpressure when needed, and more total memory available to the network stack including pf, thus allowing for much bigger state tables etc."

