freebsd-skq/sbin
Kristof Provost 542feeff96 pfctl: Point users to net.pf.request_maxcount if large requests are rejected
The kernel will reject very large tables to avoid resource exhaustion
attacks. Some users run into this limit with legitimate table
configurations.

The error message in this case was not very clear:

    pf.conf:1: cannot define table nets: Invalid argument
    pfctl: Syntax error in config file: pf rules not loaded

If a table definition fails we now check the request_maxcount sysctl,
and if we've tried to create more than that point the user at
net.pf.request_maxcount:

    pf.conf:1: cannot define table nets: too many elements.
    Consider increasing net.pf.request_maxcount.
    pfctl: Syntax error in config file: pf rules not loaded

PR:		235076
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18909
2019-01-28 08:36:10 +00:00
..
adjkerntz various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
bectl libbe(3): Change be_mount to mount/unmount child datasets 2019-01-10 03:27:20 +00:00
bsdlabel Move disktab to sbin/bsdlabel/ 2018-09-18 20:52:24 +00:00
camcontrol NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
ccdconfig ccdconfig: Move VCS tags to be more consistent with our style. 2017-12-30 00:26:42 +00:00
clri In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
comcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
conscontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ddb Move ddb.conf to sbin/ddb/ and switch to CONFS. 2018-08-11 13:25:39 +00:00
decryptcore Make decryptcore(8) buildable. 2018-09-19 07:07:03 +00:00
devd devd.conf(5): simplify regex 2019-01-27 15:29:58 +00:00
devfs Move all devfs related files to sbin/devfs/ 2018-08-22 15:55:23 +00:00
devmatch Add in a missing newline 2018-08-25 15:47:52 +00:00
dhclient capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
dmesg General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
dump Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
dumpfs The goal of this change is to prevent accidental foot shooting by 2018-02-08 23:06:58 +00:00
dumpon Avoid clobbering a user-specified -g value after r340547. 2018-11-20 18:10:56 +00:00
etherswitchcfg Finish removing FDDI and tokenring media support. 2018-04-23 21:10:33 +00:00
fdisk Allow fdisk(8) to deal with sectors larger than 2048 2018-10-25 12:13:13 +00:00
ffsinfo In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
fsck various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fsck_ffs Fsck would find, report, and offer to fix inode check-hash failures. 2018-12-15 17:32:47 +00:00
fsck_msdosfs Detect and handle invalid number of FATs 2018-07-13 02:02:16 +00:00
fsdb In preparation for adding inode check-hashes, change the fsck_ffs 2018-10-31 05:17:53 +00:00
fsirand Continuing efforts to provide hardening of FFS. This change adds a 2018-12-11 22:14:37 +00:00
gbde various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
geom Add the "-t" option to geom(8) utility, to display geoms hierarchy. 2018-09-14 15:29:45 +00:00
ggate ggated: do not expose stack data in sendfail() 2018-12-04 15:25:15 +00:00
growfs Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
gvinum gvinum: revert WARNS change in Makefile 2018-06-17 01:39:22 +00:00
hastctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
hastd Revert 335888 ("Ensure va_list is declared by including stdarg.h.") 2018-07-03 15:48:34 +00:00
ifconfig ifconfig: drop unused macros from ifieee80211.c 2019-01-23 13:07:05 +00:00
init Move the rc framework out of sbin/init into libexec/rc. 2018-10-17 16:49:11 +00:00
ipf rescue ipf: Remove hacks and link in libipf directly. 2017-11-10 07:52:58 +00:00
ipfw Allow use underscores and dots in service names without escaping. 2018-12-21 10:41:45 +00:00
iscontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldconfig various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldstat Allow three digits of module id without breaking table alignment. 2018-07-02 09:14:00 +00:00
kldunload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ldconfig Make ldconfig(8) atomic, by removing an unneccessary call to unlink(2) 2018-08-09 11:46:12 +00:00
md5 capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
mdconfig Use VOP_ADVISE() with POSIX_FADV_DONTNEED instead of IO_DIRECT to 2018-12-21 08:15:31 +00:00
mdmfs mdmfs(8): Check for other types of helper-program failure 2018-10-20 21:33:00 +00:00
mknod General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mksnap_ffs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mount When getting mount information for all filesystems, mount uses the 2018-08-07 21:17:45 +00:00
mount_cd9660 Advise reader to also see mdconfig(8) in mount_cd9660(8). 2018-08-11 08:34:24 +00:00
mount_fusefs mount_fusefs.8: expand HISTORY section 2018-11-17 21:35:01 +00:00
mount_msdosfs mount_msdosfs: do not fail mounts requiring locale name conversion table 2018-10-27 16:41:34 +00:00
mount_nfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_nullfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_udf General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_unionfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
nandfs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
natd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
newfs Update tunefs and newfs error messages for the -L (volume label) option 2019-01-26 22:27:12 +00:00
newfs_msdos Added option to cluster-align the start of the root directory. 2018-06-15 06:03:40 +00:00
newfs_nandfs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nfsiod General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
nos-tun various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nvmecontrol Try the first 256 units with nvmecontrol devlist. 2018-12-21 23:22:37 +00:00
pfctl pfctl: Point users to net.pf.request_maxcount if large requests are rejected 2019-01-28 08:36:10 +00:00
pflogd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ping Use caph_enter_casper() in ping(8). 2018-12-18 16:47:03 +00:00
ping6 General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
quotacheck Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
rcorder rcorder(8): add support for /etc/rc.resume, so it calls "rcorder -k resume" 2018-10-27 17:21:13 +00:00
reboot Fix "fasthalt" to halt instead of reboot 2018-09-14 18:12:30 +00:00
recoverdisk SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
resolvconf sbin: normalize paths using SRCTOP-relative paths or :H when possible 2017-03-04 11:33:01 +00:00
restore Re-enable reading byte swapped NFS_MAGIC dumps. 2018-08-11 16:12:23 +00:00
route route(8): clarify -prefixlen description 2019-01-10 00:10:12 +00:00
routed When bind fails, make sure we closed the socket we tried to bind the 2017-12-28 05:34:24 +00:00
rtsol Capsicumize rtsol(8) and rtsold(8). 2019-01-05 16:05:39 +00:00
savecore Disable savecore(8)'s libcasper support when WITHOUT_DYNAMICROOT=yes. 2019-01-04 19:20:19 +00:00
sconfig DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
setkey General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
shutdown shutdown: Fix r327476 by adding init 2018-01-02 09:02:42 +00:00
spppcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
sunlabel General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
swapon General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
sysctl sysctl(8): Add a standard exit status section. 2018-09-24 20:46:45 +00:00
tests Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
tunefs Update tunefs and newfs error messages for the -L (volume label) option 2019-01-26 22:27:12 +00:00
umount umount: remove sync(2) call when used with -f 2018-09-13 13:57:42 +00:00
zfsbootcfg DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
Makefile Rename be(1) to bectl(8); continues to live in /sbin 2018-07-24 13:21:44 +00:00
Makefile.amd64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.arm
Makefile.i386 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.inc
Makefile.mips
Makefile.powerpc64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.sparc64