On 22 May 2025 16:34:03 GMT+10:00, Alexandr Nedvedicky <[email protected]> wrote:
>CVSROOT: /cvs
>Module name: src
>Changes by: [email protected] 2025/05/22 00:34:03
>
>Modified files:
> sbin/pfctl : pfctl.c
> sys/net : pf_ioctl.c
>
>Log message:
>The current way to adjust pf(4) limits in pf.conf(5) is inconvenient.
>For example when ruleset uses more than 512 anchors (the current default
>limit) one would typically add 'set limit anchor 1024' to adjust
>the limit so the 'pf.conf(5)' gets processed. Unfortunately it
>does not work because limit gets changed with DIOCXCOMMIT which
>is too late. The pf.conf(5) fails to load the anchors to transaction,
>because the old lower limit is still in place. To fix it we must
>set the limit as soon as we parse 'set limit ...' option.
>
>The issue has been reported and fix tested by rafal _dot_ ramocki _von_ eo.pl
>
>OK @bluhm
>
