Mailing List Archive

From:: Stuart Henderson <stu@spacehopper.org>
Subject:: Re: disturbing pfctl behavior in 7.8
To:: Ross L Richardson <openbsd@rlr.id.au>
Cc:: Jacob Leifman <jacobl@bitwise.net>, tech@openbsd.org
Date:: Sun, 23 Nov 2025 10:54:51 +0000

Download raw body.

Thread

2025-11-22 23:07 Jacob Leifman:
disturbing pfctl behavior in 7.8
- 2025-11-23 03:28 Ross L Richardson:
  disturbing pfctl behavior in 7.8
- - 2025-11-23 10:54 Stuart Henderson:
    disturbing pfctl behavior in 7.8

On 2025/11/23 14:28, Ross L Richardson wrote:
> On Sat, Nov 22, 2025 at 06:07:08PM -0500, Jacob Leifman wrote:
> > Recently upgraded a bunch of OpenBSD servers to 7.8 with all (6) official
> > patches; a few bare-metal, the rest VMs, unfortunately all amd64.
> >[...]
> > /root:36# pfctl -t nosuch -Ts
> > pfctl: Table does not exist
> > pfctl: DIOCSETLIMIT (states): Permission denied
> >[...]
> > If this is a known issue, is there a patch I can apply? Otherwise, what
> > additional diagnostics can I provide?
> 
> It is a known issue (and fixed in -current).  See
> 	https://marc.info/?t=176128448300001&r=1&w=2

Fix is https://github.com/openbsd/src/commit/67a69daaf0274be0c5505250c05e4083c34171f2

Or you can ignore the bogus warnings.

2025-11-22 23:07 Jacob Leifman:
disturbing pfctl behavior in 7.8
- 2025-11-23 03:28 Ross L Richardson:
  disturbing pfctl behavior in 7.8
- - 2025-11-23 10:54 Stuart Henderson:
    disturbing pfctl behavior in 7.8