Re: Is there an upper limit to PF's tables?

2018-06-18 Thread Chris H
On Mon, 18 Jun 2018 12:08:33 +0200 "Kristof Provost" said
On 18 Jun 2018, at 0:19, Chris H wrote:
> Sorry. Looks like I might be coming to the party a little late. But I'm currently running a 9.3 box that runs as an IP (service) filter for much of a network. While I've patched the box

Re: Is there an upper limit to PF's tables?

2018-06-18 Thread Chris H
On Mon, 18 Jun 2018 12:21:47 +0200 "Kurt Jaeger" said
Hi!
> > So loading all entries in to empty table works fine, but reloading didn't work.
> Sorry. Looks like I might be coming to the party a little late. But I'm currently running a 9.3 box that runs as an IP (service) filter for muc

[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

2018-06-18 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 --- Comment #1 from Kajetan Staszkiewicz --- I came across an issue preventing this from working correctly when rebooting hardware: pfsync is started before pf (or in my case before my custom service populating pf rules). That's a problem, b

[Bug 226850] [pf] Matching but failed rules block without return

2018-06-18 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #21 from Kajetan Staszkiewicz --- Without this modification only "block" rules would be configured with return-enabling flag and return ICMP codes. Modification in parse.y ensures that "pass" rules are getting this information to

[Bug 226850] [pf] Matching but failed rules block without return

2018-06-18 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850 --- Comment #20 from Kristof Provost --- (In reply to Kajetan Staszkiewicz from comment #19) I'm not sure I understand what the changes in 'action : PASS {' (in parse.y) are for. Other than that, I think it's good. -- Y

[Bug 226850] [pf] Matching but failed rules block without return

2018-06-18 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226850
Kajetan Staszkiewicz changed:
What | Removed | Added
Attachment #194340 is obsolete | 0 | 1

Re: Is there an upper limit to PF's tables?

2018-06-18 Thread Kurt Jaeger
Hi!
> > So loading all entries in to empty table works fine, but reloading didn't work.
> Sorry. Looks like I might be coming to the party a little late. But I'm currently running a 9.3 box that runs as an IP (service) filter for much of a network. While I've patched the box well enough to

Re: Is there an upper limit to PF's tables?

2018-06-18 Thread Kristof Provost
On 18 Jun 2018, at 0:19, Chris H wrote: Sorry. Looks like I might be coming to the party a little late. But I'm currently running a 9.3 box that runs as an IP (service) filter for much of a network. While I've patched the box well enough to keep it safe to continue running. I am reluctant to up(