Date: Mon, 9 May 2016 16:58:51 +0200 From: Damien Fleuriot <ml@my.gd> To: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Cc: dfleuriot@hi-media.com Subject: 10.3-STABLE - PF - possible regression in pf.conf set timeout interval Message-ID: <CAE63ME4gNys9i_BnvFXw27QupTwQQomGGVnuiGQrza7jsQ_27A@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello list, == CONTEXT == I've upgraded 3 boxes from 10.3-PRERELEASE #13 (04/04/16) to 10.3-STABLE #17 (09/05/16) Dates in d/m/Y format. I'm afraid, since I use svnup, I cannot provide SVN revs. == PROBLEM DESCRIPTION == Since the upgrade, pf rules won't load anymore at boot time, nor even manually with pfctl -f /etc/pf.conf : # pfctl -f /etc/pf.conf /etc/pf.conf:24: syntax error pfctl: Syntax error in config file: pf rules not loaded The problematic line is : set timeout interval 10 == FURTHER TESTING == Values other than 10 also cause the issue. Tested using tabs or spaces, issue still arises. Commenting the line fixes the issue. == CONCLUSION == Displaying pf timers shows that the default 10s value is applied, when the configuration directive is commented from /etc/pf.conf : # pfctl -st | grep interval interval 10s Additionally, the "set timeout interval" directive still exists in man 5 pf.conf. This leads me to believe the directive should still be supported, and this may be an unintentional regression. Can anyone check if they also encounter the issue ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE63ME4gNys9i_BnvFXw27QupTwQQomGGVnuiGQrza7jsQ_27A>