d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95f237c2f6
freebsd-dev/sbin/pfctl
History
Kristof Provost 542feeff96 pfctl: Point users to net.pf.request_maxcount if large requests are rejected 
The kernel will reject very large tables to avoid resource exhaustion
attacks. Some users run into this limit with legitimate table
configurations.

The error message in this case was not very clear:

    pf.conf:1: cannot define table nets: Invalid argument
    pfctl: Syntax error in config file: pf rules not loaded

If a table definition fails we now check the request_maxcount sysctl,
and if we've tried to create more than that point the user at
net.pf.request_maxcount:

    pf.conf:1: cannot define table nets: too many elements.
    Consider increasing net.pf.request_maxcount.
    pfctl: Syntax error in config file: pf rules not loaded

PR:		235076
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18909
2019-01-28 08:36:10 +00:00
..
tests pfctl test: Add a test for macro names with a space in it 2018-10-28 05:50:04 +00:00
Makefile Move pf.os to sbin/pfctl/ 2018-08-11 13:58:26 +00:00
Makefile.depend DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
parse.y pfctl: Point users to net.pf.request_maxcount if large requests are rejected 2019-01-28 08:36:10 +00:00
pf_print_state.c various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
pf.os Move pf.os to sbin/pfctl/ 2018-08-11 13:58:26 +00:00
pfctl_altq.c Remove unused function gsc_destroy() 2019-01-22 02:53:59 +00:00
pfctl_optimize.c pfctl(8): Fix two wrong conditions. 2018-01-27 22:57:01 +00:00
pfctl_osfp.c pfctl: Make most global variables static. 2016-08-04 19:24:44 +00:00
pfctl_parser.c Reduce pf.conf parsing cost for configs that define N queues from O(N^2) to O(N) 2019-01-22 00:50:24 +00:00
pfctl_parser.h Reduce pf.conf parsing cost for configs that define N queues from O(N^2) to O(N) 2019-01-22 00:50:24 +00:00
pfctl_qstats.c Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of 2018-08-22 19:38:48 +00:00
pfctl_radix.c various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
pfctl_table.c various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
pfctl.8 pf: Return non-zero from 'status' if pf is not enabled 2018-06-06 19:36:37 +00:00
pfctl.c pfctl: Fix 'set skip' handling for groups 2019-01-13 05:30:26 +00:00
pfctl.h Reduce pf.conf parsing cost for configs that define N queues from O(N^2) to O(N) 2019-01-22 00:50:24 +00:00