On 2021-04-14 11:04, Chris wrote:
On 2021-04-14 10:44, Peter Ankerstål wrote:
const { trusted:network mgmt:network dmz:network guest:network edmz:network \
       admin:network iot:network client:network }
If I reload the configuration I get the following:
# pfctl -f /etc/pf.conf
/etc/pf.conf:12: cannot create address buffer: Invalid argument
pfctl: Syntax error in config file: pf rules not loaded
Some changes in the pf source have been made over the last couple
of months. The error returned appears to be related. It appears
that you're running into a table size/count and memory allocation
related error. The first change moved/changed memory allocation to
kernel space, requiring one to increase allocation via loader.conf(5).
It was recently moved back to userspace allowing one to make changes
to a running system via sysctl.conf(5) or the command line.
IOW if you're on the recent change you should be able to simply
increase your table count by executing something like:
# echo "set limit table-entries <larger-table-count>" | pfctl -m -f -
OTOH if you're stuck with the change in kernelspace, increase
net.pf.request_maxcount=
by some amount in loader.conf(5). If you are on the newer userspace
change, you can issue the sysctl(8) command at your terminal for
net.pf.request_maxcount=
as well.

I don't think so. Everything works normally if I switch from group name to interface name
in the config.
Sure. I only mentioned it because 1) the error you received looked almost exactly the same as the one I encountered after the (pf source) changes, 2) a lot of work
has been done recently (as I mentioned above). :-)
I'll defer to kp@ (Kristof Provost) for more insightful possibilities. As he's done
most all the recent work. :-)

--Chris
CC'ing pf@ for better coverage of your problem.


It seems to me that pf for some reason changed how it interprets group names
differently from 12.2-RELEASE-p4 and 13.0-RELEASE.

I don't really get how "anchor in from trusted:network" can resolve to "anchor in inet6 all"

/Peter.
_______________________________________________
freebsd-sta...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
