On Mon, Dec 30, 2002 at 08:51:41PM +0100, Wouter Clarie wrote:
> On Mon, 30 Dec 2002, David Krause wrote:
>
> > Henning already has a diff like this. However, we both think that
> > states should be limited to a reasonable value (5000) by default, and
> > unlimited should not even be an option.
>
On Mon, Dec 30, 2002 at 06:37:55PM +0100, Wouter Clarie wrote:
> when it was moved to parse.y from pfctl.c. At that moment the "inf"
> property vanished. So there's no way to actually set it to unlimited right
> now.
well, there is, but why bother. these should never be set to unlimited.
there wil
On Mon, Dec 30, 2002 at 08:21:55PM +0100, Srebrenko Sehic wrote:
> How about having a possiblity to define a limit in relative way? Like
> 80% of free memory or something. That way, kernel would not crash and
> the limits could be dynamic, depending on the current memory utilization.
The current
On Mon, Dec 30, 2002 at 08:37:28PM +0100, Wouter Clarie wrote:
>
> On a related note: the default pf.conf in the distribution, does have:
>
> #set limit { states unlimited, frags 5000 }
>
> which is not parseable if uncommented.
/usr/src/etc/pf.conf also has,
#set loginterface none
#set optimi
On Mon, 30 Dec 2002, David Krause wrote:
> Henning already has a diff like this. However, we both think that
> states should be limited to a reasonable value (5000) by default, and
> unlimited should not even be an option.
Fine, but then "set limits states unlimited" should be removed from
src/e
* Wouter Clarie <[EMAIL PROTECTED]> [021230 13:35]:
> I just made a little diff, you can do with it as you please ;) I don't
> have any more time to spend on this today. Diff is for parse.y and
> pf.conf.5 man page, at the bottom of this mail.
Henning already has a diff like this. However, we bot
On a related note: the default pf.conf in the distribution, does have:
#set limit { states unlimited, frags 5000 }
which is not parseable if uncommented.
//Wouter
On Mon, 30 Dec 2002, Srebrenko Sehic wrote:
> How about having a possiblity to define a limit in relative way? Like
> 80% of free memory or something. That way, kernel would not crash and
> the limits could be dynamic, depending on the current memory utilization.
>
> I understand that this could ha
I just made a little diff, you can do with it as you please ;) I don't
have any more time to spend on this today. Diff is for parse.y and
pf.conf.5 man page, at the bottom of this mail.
Greetings,
//Wouter
On Mon, 30 Dec 2002, Daniel Hartmeier wrote:
> Yes, it's rather simple to add support fo
On Mon, Dec 30, 2002 at 07:40:23PM +0100, Daniel Hartmeier wrote:
> On Mon, Dec 30, 2002 at 07:05:40PM +0100, Wouter Clarie wrote:
>
> > That should be more flexible eh? I'll see if i can cook up a diff for
> > that tonight.
>
> Yes, it's rather simple to add support for either 'inf' or 'unlimit
On Mon, Dec 30, 2002 at 07:05:40PM +0100, Wouter Clarie wrote:
> That should be more flexible eh? I'll see if i can cook up a diff for
> that tonight.
Yes, it's rather simple to add support for either 'inf' or 'unlimited'
to the parser (it just has to translate to UINT_MAX).
But it really makes
On Mon, Dec 30, 2002 at 07:05:40PM +0100, Wouter Clarie wrote:
> On Mon, 30 Dec 2002, Dries Schellekens wrote:
>
> > If you don't specify a limit for states, it will be unlimited. But if you
> > choice a number, there is no way to change it back to unlimited except by
> > rebooting. So there is a
On Mon, 30 Dec 2002, Dries Schellekens wrote:
> If you don't specify a limit for states, it will be unlimited. But if you
> choice a number, there is no way to change it back to unlimited except by
> rebooting. So there is also no way to set to limit for frags to unlimited.
That should be more f
On Mon, 30 Dec 2002, Wouter Clarie wrote:
>
> I see this syntax has been changed on June 25:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c.diff?r1=1.80&r2=1.81
> http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.106&r2=1.107
>
> when it was moved to parse.y
I see this syntax has been changed on June 25:
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c.diff?r1=1.80&r2=1.81
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.106&r2=1.107
when it was moved to parse.y from pfctl.c. At that moment the "inf"
property vanish
On Mon, Dec 30, 2002 at 05:17:12PM +0100, Dries Schellekens wrote:
> So I guess the correct syntax would be 'set limit states inf'. Can you try
> this?
Doesn't work either. I get,
/etc/pf.conf:15: inf is not a number
pfctl: Syntax error in file: pf rules not loaded
// haver
On Mon, 30 Dec 2002, Dries Schellekens wrote:
> On Mon, 30 Dec 2002, Srebrenko Sehic wrote:
>
> > Isn't 'set limit states unlimited' supposed to work in /etc/pf.conf?
[snip]
> The old pfctl(8) (of OpenBSD 3.1) used to say
>-m modifier
> Gets or sets hard limits on the memory pools u
On Mon, 30 Dec 2002, Srebrenko Sehic wrote:
> Isn't 'set limit states unlimited' supposed to work in /etc/pf.conf?
>
> I get this:
>
> root@hellspawn:/root# grep states /etc/pf.conf
> set limit { states unlimited, frags 5000 }
>
> root@hellspawn:/root# grep states /usr/src/etc/pf.conf
> #set limit
Isn't 'set limit states unlimited' supposed to work in /etc/pf.conf?
I get this:
root@hellspawn:/root# grep states /etc/pf.conf
set limit { states unlimited, frags 5000 }
root@hellspawn:/root# grep states /usr/src/etc/pf.conf
#set limit { states unlimited, frags 5000 }
root@hellspaw
19 matches
Mail list logo
