NPF ruleset limit in -7?

To: tech-net%netbsd.org@localhost
Subject: NPF ruleset limit in -7?
From: Stephen Borrill <netbsd%precedence.co.uk@localhost>
Date: Mon, 15 Oct 2018 16:55:15 +0100 (BST)

I seem to recall a limit on loading rulesets with NPF at some time in thepast. I ask because of:


# egrep "^[[:space:]]*(pass|block)" /etc/npf.conf | wc -l
     127
# npfctl reload
npfctl: npfctl_config_send: Invalid argument
# npfctl validate > /dev/null
# echo $?
0
# ls -l /etc/npf.conf
-rw-r--r--  1 root  wheel  17684 Oct 15 16:40 /etc/npf.conf

Doing some trimming:

# egrep "^[[:space:]]*(pass|block)" /etc/npf.conf | wc -l
     101
# npfctl reload
#

Adding 1 extra innocuous line like "pass in from 10.0.0.0/16 to any port5298":


# egrep "^[[:space:]]*(pass|block)" /etc/npf.conf | wc -l
     102
# npfctl reload
npfctl: npfctl_config_send: Invalid argument

This is on:

NetBSD netmanager 7.1_STABLE NetBSD 7.1_STABLE (NETMANRAID) #37: Thu Feb1 09:02:09 GMT 2018


--
Stephen

Follow-Ups:
- Re: NPF ruleset limit in -7?
  - From: Hauke Fath

Prev by Date: Re: Trying to understand stateful npf
Next by Date: Re: NPF ruleset limit in -7?
Previous by Thread: Trying to understand stateful npf
Next by Thread: Re: NPF ruleset limit in -7?
Indexes:

Home | Main Index | Thread Index | Old Index