Thank you very much! I appreciate your time. Enjoy your vacation, Vita
On Fri, Sep 12, 2025 at 11:52:46PM +0200, Alexandr Nedvedicky wrote: > Hello, > > On Fri, Sep 12, 2025 at 11:10:31PM +0200, Vita Batrla wrote: > </snip> > > > I think the ROLLBACK of transaction is pointless here. > > > hover you tired to load the second ruleset directly? > > > > It's pointless for the testcase and its step 3. But in general I think it's > > good to let the process exit gracefully and let it to either commit or > > rollback the transaction it created. > > I think your suggested change makes sense. I will craft > the diff for OpenBSD once I will be back after vacation next week. > > </snip> > > > > Another interesting observation on Solaris is that: > > > > Adding tables via ioctl occurs immediately as the file is being parsed. > > The user may want to raise the table limit if too many tables are defined > > in pf.conf. However, raising the limit via "set limit tables" is effective > > after the transaction is committed. Tables are added via ioctl before the > > transaction is committed and if the original limit was too small, then > > addition fails.... That means a single pf.conf file cannot define many > > tables and raise the limit altogether. But I'm unsure if this is specific > > to Solaris or not... I don't know how to get around this, the only way I > > to define many tables for me is to have two config files, raise the limit > > with first config file, then define the tables in another pf.conf. > > > > I think this got fixed recently in OpenBSD. You need to grab this > changeset [1] and port it to Solaris. > > thanks and > regards > sashan > > [1] > https://urldefense.com/v3/__https://github.com/openbsd/src/commit/85baac77515140239632c5e733ba5c896915fadc__;!!ACWV5N9M2RV99hQ!Ns6Gj484vzefdRw5PPhJkQMiZ5kydJye_vNu57T9mzZ-sw4SNLhGwHN7x6aMKGHMywNNJpb1E5OcOex4ZXpX-lg$ >
