Date: Tue, 23 Jun 2015 11:05:37 +0200
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
To: freebsd-pf@freebsd.org
Subject: problem with pf ($interface) expansion on freebsd 10.1 with > 64 ip addresses on interface
Message-ID: <55892161.7000205@gibfest.dk>

Hello list,

I have this rule in my pf.conf:

    pass in quick on $if proto tcp from { <allowssh> } to ($if) port 22

The rule permits SSH to all addresses on $if of course. The problem is
that the enumeration of IPs on the interface that happens at boot time
fails when the number of IP addresses exceeds 64 IPs. If I reboot with 65
IPs on the interface the rule matches nothing and I get the following
error in dmesg:

    pfi_table_update: cannot set 65 new addresses into table igb1: 22

This is on FreeBSD 10.1-STABLE
FreeBSD 10.1-STABLE #0 r284163

If I add or remove an IP to the interface manually after the boot
finishes the enumeration works fine, and all IPs on the interface are
permitted SSH. The problem occurs only at boot time - when (I assume) pf
tries to add all the IPs at once.

I was going to open a PR for this but I wanted to hear if the list has
any input first?

Thanks!

/Thomas Steen Rasmussen
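
Added example, not part of the original message: a small check that scans kernel log text for the pfi_table_update failure quoted above and reports each interface whose ($if) rules may match nothing. The function names are hypothetical, and every sample log line except the igb1 one from the message is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): find the pfi_table_update
# failure quoted above in kernel log text. Function names are hypothetical.

# Constructed sample log: the igb1 failure line is the one quoted in the
# post, the other lines are made up for the demonstration.
sample_dmesg() {
    cat <<'EOF'
igb1: link state changed to UP
pfi_table_update: cannot set 65 new addresses into table igb1: 22
pfi_table_update: cannot set 130 new addresses into table lagg0: 22
pflog0: promiscuous mode enabled
EOF
}

# Read kernel log text on stdin; print "<interface> <count> <code>" per failure.
pfi_failures() {
    sed -n 's/^.*pfi_table_update: cannot set \([0-9][0-9]*\) new addresses into table \([^: ]*\): \([0-9][0-9]*\).*$/\2 \1 \3/p'
}

# Warn on stderr for every failure found on stdin; return 1 if there was any.
pfi_check() {
    failures=$(pfi_failures)
    if [ -z "$failures" ]; then
        return 0
    fi
    printf '%s\n' "$failures" | while read -r ifname count code; do
        printf 'WARNING: pf failed to load %s addresses for (%s), code %s; rules using (%s) may match nothing\n' \
            "$count" "$ifname" "$code" "$ifname" >&2
    done
    return 1
}

# Demo on the constructed sample; on a live host use: dmesg | pfi_check
sample_dmesg | pfi_failures
```

Run after boot (for example from a monitoring job), a non-zero exit from `dmesg | pfi_check` flags the state described in the message, where the pass rule silently matches no address.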