My home firewall had been using 5.9. It's an ancient i386 Compaq 966 with 512MB of memory. It used pf, which itself queried a block table with over 170k entries. It all ran just fine.
Because it was now two releases behind, I upgraded to 6.1. It works fine too, but the system load (top) is now always a bit over 1, there's over 300MB of memory that is apparently never used, and pf fails at boot because the system can't allocate enough memory, I suppose for that block table. I flushed it and the table now has about 8 entries, and browser response appears to be a bit quicker, so I guess it's the parsing.
What has changed since 5.9? Is there a sysctl I can tune to get full memory utilization and maybe help the pf table to load? Or is it time to just dump the hardware for something more modern?
Thanks!