There is no limit when defining or importing socket filter lists, and there is no limit for Windows SFAs. However, UNIX/Linux SFAs have a limit of 4096 entries and will drop and not enforce any list exceeding this limit. The limit should be more than sufficient. If access to a very large number of hosts is to be allowed, it should be possible to define netmasks to allow access to ranges of IPs and keep the length of the list much shorter than the number of devices to which access is allowed. This information is accurate as of CA PAM 3.x and may change in future releases.