10.3-STABLE - PF - possible regression in pf.conf set timeout interval
Damien Fleuriot
ml at my.gd
Mon May 9 14:58:55 UTC 2016
Hello list,
== CONTEXT ==
I've upgraded 3 boxes from 10.3-PRERELEASE #13 (04/04/16) to 10.3-STABLE
#17 (09/05/16)
Dates in d/m/Y format.
I'm afraid, since I use svnup, I cannot provide SVN revs.
== PROBLEM DESCRIPTION ==
Since the upgrade, pf rules won't load anymore at boot time, nor even
manually with pfctl -f /etc/pf.conf:
# pfctl -f /etc/pf.conf
/etc/pf.conf:24: syntax error
pfctl: Syntax error in config file: pf rules not loaded
The problematic line is:
set timeout interval 10
== FURTHER TESTING ==
Values other than 10 also cause the issue.
Tested using tabs or spaces, issue still arises.
Commenting out the line fixes the issue.
== CONCLUSION ==
Displaying pf timers shows that the default 10s value is applied when the
configuration directive is commented out in /etc/pf.conf:
# pfctl -st | grep interval
interval 10s
Additionally, the "set timeout interval" directive still exists in man 5
pf.conf.
This leads me to believe the directive should still be supported, and this
may be an unintentional regression.
Can anyone check if they also encounter the issue?