tech-net archive


NPF ruleset limit in -7?



I seem to recall a limit on loading rulesets with NPF at some time in the past. I ask because of:

# egrep "^[[:space:]]*(pass|block)" /etc/npf.conf | wc -l
     127
# npfctl reload
npfctl: npfctl_config_send: Invalid argument
# npfctl validate > /dev/null
# echo $?
0
# ls -l /etc/npf.conf
-rw-r--r--  1 root  wheel  17684 Oct 15 16:40 /etc/npf.conf

Doing some trimming:

# egrep "^[[:space:]]*(pass|block)" /etc/npf.conf | wc -l
     101
# npfctl reload
#

Adding 1 extra innocuous line like "pass in from 10.0.0.0/16 to any port 5298":

# egrep "^[[:space:]]*(pass|block)" /etc/npf.conf | wc -l
     102
# npfctl reload
npfctl: npfctl_config_send: Invalid argument

This is on:
NetBSD netmanager 7.1_STABLE NetBSD 7.1_STABLE (NETMANRAID) #37: Thu Feb 1 09:02:09 GMT 2018

--
Stephen


