diff --git a/sys/netpfil/ipfilter/netinet/ip_htable.h b/sys/netpfil/ipfilter/netinet/ip_htable.h
--- a/sys/netpfil/ipfilter/netinet/ip_htable.h
+++ b/sys/netpfil/ipfilter/netinet/ip_htable.h
@@ -55,6 +55,8 @@
 	char	iph_name[FR_GROUPLEN];	/* hash table number */
 } iphtable_t;
 
+#define IPHTABLE_MAX_SIZE	1024
+
 /* iph_type */
 #define	IPHASH_LOOKUP	0
 #define	IPHASH_GROUPMAP	1
diff --git a/sys/netpfil/ipfilter/netinet/ip_htable.c b/sys/netpfil/ipfilter/netinet/ip_htable.c
--- a/sys/netpfil/ipfilter/netinet/ip_htable.c
+++ b/sys/netpfil/ipfilter/netinet/ip_htable.c
@@ -97,6 +97,7 @@
 	iphtable_t	*ipf_htables[LOOKUP_POOL_SZ];
 	iphtent_t	*ipf_node_explist;
 	ipftunable_t	*ipf_htable_tune;
+	u_int		ipf_htable_size_max;
 } ipf_htable_softc_t;
 
 ipf_lookup_t ipf_htable_backend = {
@@ -124,6 +125,10 @@
 
 
 static ipftuneable_t ipf_htable_tunables[] = {
+	{ { (void *)offsetof(ipf_htable_softc_t, ipf_htable_size_max) },
+		"htable_size_max",	1,	0x7fffffff,
+		stsizeof(ipf_htable_softc_t, ipf_htable_size_max),
+		0,			NULL,	NULL },
 	{ { NULL },
 		NULL,
 		0,
@@ -163,6 +168,8 @@
 		return (NULL);
 	}
 
+	softh->ipf_htable_size_max = IPHTABLE_MAX_SIZE;
+
 	return (softh);
 }