Damien Fleuriot
2016-May-09 14:58 UTC
10.3-STABLE - PF - possible regression in pf.conf set timeout interval
Hello list,

== CONTEXT =

I've upgraded 3 boxes from 10.3-PRERELEASE #13 (04/04/16) to 10.3-STABLE #17 (09/05/16)
Dates in d/m/Y format.

I'm afraid, since I use svnup, I cannot provide SVN revs.

== PROBLEM DESCRIPTION =

Since the upgrade, pf rules won't load anymore at boot time, nor even manually with pfctl -f /etc/pf.conf :
# pfctl -f /etc/pf.conf
/etc/pf.conf:24: syntax error
pfctl: Syntax error in config file: pf rules not loaded

The problematic line is :
set timeout interval 10

== FURTHER TESTING =

Values other than 10 also cause the issue.
Tested using tabs or spaces, issue still arises.
Commenting the line fixes the issue.

== CONCLUSION =

Displaying pf timers shows that the default 10s value is applied, when the configuration directive is commented from /etc/pf.conf :
# pfctl -st | grep interval
interval 10s

Additionally, the "set timeout interval" directive still exists in man 5 pf.conf.

This leads me to believe the directive should still be supported, and this may be an unintentional regression.

Can anyone check if they also encounter the issue ?
Kristof Provost
2016-May-09 15:15 UTC
10.3-STABLE - PF - possible regression in pf.conf set timeout interval
> On 09 May 2016, at 16:58, Damien Fleuriot <ml at my.gd> wrote:
>
> Since the upgrade, pf rules won't load anymore at boot time, nor even
> manually with pfctl -f /etc/pf.conf :
> # pfctl -f /etc/pf.conf
> /etc/pf.conf:24: syntax error
> pfctl: Syntax error in config file: pf rules not loaded
>
> The problematic line is :
> set timeout interval 10
>

I think that was broken by the commit which added ALTQ support for CoDel.
It made "interval" a keyword, and it looks like that breaks things for you.

I've cced loos so he can take a look.

Regards,
Kristof
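
Added example, not part of the thread and not pfctl's source: a simplified Python model of the mechanism suggested in the reply above, where a lexer's reserved-word table starts returning a keyword token for "interval", so a rule that expects a plain string in that position no longer matches. The token names, the keyword tables and the grammar shape are assumptions made for the illustration.

```python
# Toy model, constructed for illustration; this is not pfctl's parser.
BASE_KEYWORDS = {"set": "SET", "timeout": "TIMEOUT"}
# Hypothetical table after a new feature reserves the word "interval".
NEW_KEYWORDS = dict(BASE_KEYWORDS, interval="INTERVAL")

LINE = "set timeout interval 10"  # the directive quoted in the thread


def lex(line, keywords):
    """Tokenize one line; reserved words take priority over plain strings."""
    tokens = []
    for word in line.split():
        if word in keywords:
            tokens.append((keywords[word], word))
        elif word.isdigit():
            tokens.append(("NUMBER", int(word)))
        else:
            tokens.append(("STRING", word))
    return tokens


def parse_set_timeout(line, keywords, name_tokens=("STRING",)):
    """Accept SET TIMEOUT <name> NUMBER, where <name> must be one of name_tokens."""
    toks = lex(line, keywords)
    kinds = [kind for kind, _ in toks]
    if (len(toks) == 4 and kinds[:2] == ["SET", "TIMEOUT"]
            and kinds[2] in name_tokens and kinds[3] == "NUMBER"):
        return toks[2][1], toks[3][1]
    raise SyntaxError(f"syntax error, token kinds were {kinds}")


def check(line, keywords, name_tokens=("STRING",)):
    """Return (name, seconds) if the line parses, or None on a syntax error."""
    try:
        return parse_set_timeout(line, keywords, name_tokens)
    except SyntaxError:
        return None


if __name__ == "__main__":
    # Before the keyword is reserved, "interval" lexes as STRING and parses.
    print("old keyword table:", check(LINE, BASE_KEYWORDS))
    # Once reserved, the same line fails although the rule itself is unchanged.
    print("new keyword table:", check(LINE, NEW_KEYWORDS))
    # One generic remedy: let the rule accept the keyword token as a name too.
    print("rule also accepts INTERVAL:",
          check(LINE, NEW_KEYWORDS, ("STRING", "INTERVAL")))
```

In this model only the directive whose name collides with the new reserved word stops parsing; other timeout names still lex as plain strings and are unaffected.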