Hello,

On Fri, Sep 12, 2025 at 11:10:31PM +0200, Vita Batrla wrote:
</snip>
> >     I think the ROLLBACK of transaction is pointless here.
> >     however you tried to load the second ruleset directly?
> 
> It's pointless for the testcase and its step 3. But in general I think it's
> good to let the process exit gracefully and let it either commit or
> rollback the transaction it created.

    I think your suggested change makes sense. I will craft
    the diff for OpenBSD once I am back from vacation next week.

</snip>
> 
> Another interesting observation on Solaris is that:
> 
> Adding tables via ioctl occurs immediately as the file is being parsed.
> The user may want to raise the table limit if too many tables are defined
> in pf.conf. However, raising the limit via "set limit tables" is effective
> after the transaction is committed. Tables are added via ioctl before the
> transaction is committed and if the original limit was too small, then
> addition fails.... That means a single pf.conf file cannot define many
> tables and raise the limit altogether.  But I'm unsure if this is specific
> to Solaris or not...  I don't know how to get around this, the only way
> to define many tables for me is to have two config files, raise the limit
> with first config file, then define the tables in another pf.conf.
> 

    I think this got fixed recently in OpenBSD. You need to grab this
    changeset [1] and port it to Solaris.

thanks and
regards
sashan

[1] https://github.com/openbsd/src/commit/85baac77515140239632c5e733ba5c896915fadc
