Date: Fri, 28 Feb 2025 19:42:43 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 285081] pf not loading rules at boot time if a large table is involved
Message-ID: <bug-285081-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285081

            Bug ID: 285081
           Summary: pf not loading rules at boot time if a large table is involved
           Product: Base System
           Version: 14.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: dvl@FreeBSD.org

pf is having trouble loading a large file during system startup. After startup, the file can be loaded manually, without issue.

pf recommends a sysctl change: after implementing that, it does not help.

The following is from the console after startup:

Enabling pfcannot define inactive set table bogons_v6: too many elements.
Consider increasing net.pf.request_maxcount.
/etc/pf.conf: 152: cannot define table bogons_v6: too many elements.
Consider increasing net.pf.request_maxcount.
pfctl: Syntax error in config file: pf rules not loaded
/etc/rc: WARNING: Unable to load /etc/pf.conf.

I have the following sysctl control:

[19:27 gw01 dvl /etc] % cat /etc/sysctl.conf.local
net.pf.request_maxcount=350000

(I have tried 550000 - not a fix)

I added that same line to /boot/loader.conf (just in case; it does not fix it).

Let's try boosting the limits in case I was hitting that. In /etc/pf.conf:

set limit { states 200000, frags 200000, src-nodes 100000, table-entries 350000 }

If I invoke pf at this stage, I get:

[18:45 gw01 dvl ~] % sudo pfctl -f /etc/pf.conf
[18:46 gw01 dvl ~] % sudo pfctl -sm
states        hard limit   200000
src-nodes     hard limit   100000
frags         hard limit   200000
table-entries hard limit   350000

OK, let's reboot. After boot, I see this:

[19:33 gw01 dvl ~] % sudo pfctl -sm
states        hard limit   100000
src-nodes     hard limit    10000
frags         hard limit     5000
table-entries hard limit   200000

Inspecting via `pfctl -sa`, the rules are not loaded.

[19:33 gw01 dvl ~] % sudo pfctl -sa | wc -l
      63

Manually loading, I have success:

[19:33 gw01 dvl ~] % sudo pfctl -f /etc/pf.conf
[19:34 gw01 dvl ~] % sudo pfctl -sm
states        hard limit   200000
src-nodes     hard limit   100000
frags         hard limit   200000
table-entries hard limit   350000
[19:34 gw01 dvl ~] % sudo pfctl -sa | wc -l
    2030

Ideally, I'd like to not have to manually intervene after each reboot.

-- 
You are receiving this mail because:
You are the assignee for the bug.
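A post-boot check for the mismatch the report shows, added here as an example that is not part of the bug report or of FreeBSD's own tooling: it compares the hard limits in `pfctl -sm` output against the values requested by `set limit` in /etc/pf.conf, so a rule load that failed silently during rc is noticed. The pfctl output it parses is constructed from the numbers quoted in the report; on a real host it would come from `pfctl -sm`.

```shell
#!/bin/sh
# Added example (not from the bug report or FreeBSD): a post-boot check that
# the hard limits pf is actually running with match the "set limit" values
# in /etc/pf.conf, so a silently failed rule load like the one reported is
# caught. On a real host call: pf_limits_ok "$(pfctl -sm)" "$WANTED_LIMITS"

# Limits the report's /etc/pf.conf asks for, as name=value pairs.
WANTED_LIMITS='states=200000 frags=200000 src-nodes=100000 table-entries=350000'

# Constructed sample of `pfctl -sm` output with the post-boot values quoted
# in the report (rules not loaded, so the kernel defaults are still active).
SAMPLE_AFTER_BOOT='states        hard limit   100000
src-nodes     hard limit    10000
frags         hard limit     5000
table-entries hard limit   200000'
# Constructed sample after the manual `pfctl -f /etc/pf.conf` succeeded.
SAMPLE_AFTER_RELOAD='states        hard limit   200000
src-nodes     hard limit   100000
frags         hard limit   200000
table-entries hard limit   350000'

# pf_limit_value OUTPUT NAME: print the kernel's hard limit for NAME,
# or nothing if the line is absent from OUTPUT.
pf_limit_value() {
    printf '%s\n' "$1" | awk -v n="$2" \
        '$1 == n && $2 == "hard" && $3 == "limit" { print $4 }'
}

# pf_limit_report OUTPUT WANTED: print "name have want" for every limit
# that differs from WANTED; prints nothing when all match. Always returns 0.
pf_limit_report() {
    _out=$1
    for _pair in $2; do
        _name=${_pair%%=*}; _want=${_pair#*=}
        _have=$(pf_limit_value "$_out" "$_name")
        [ "$_have" = "$_want" ] ||
            printf '%s %s %s\n' "$_name" "${_have:-missing}" "$_want"
    done
    return 0
}

# pf_limits_ok OUTPUT WANTED: print "ok" or "mismatch" for use in an rc
# check or monitoring; a mismatch after boot suggests pf.conf was not applied.
pf_limits_ok() {
    if [ -z "$(pf_limit_report "$1" "$2")" ]; then echo ok; else echo mismatch; fi
}

pf_limit_report "$SAMPLE_AFTER_BOOT" "$WANTED_LIMITS"
pf_limits_ok "$SAMPLE_AFTER_RELOAD" "$WANTED_LIMITS"
```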
