mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
freebsd/sbin
Kristof Provost 542feeff96 pfctl: Point users to net.pf.request_maxcount if large requests are rejected
The kernel will reject very large tables to avoid resource exhaustion
attacks. Some users run into this limit with legitimate table
configurations.

The error message in this case was not very clear:

    pf.conf:1: cannot define table nets: Invalid argument
    pfctl: Syntax error in config file: pf rules not loaded

If a table definition fails we now check the request_maxcount sysctl,
and if we've tried to create more than that point the user at
net.pf.request_maxcount:

    pf.conf:1: cannot define table nets: too many elements.
    Consider increasing net.pf.request_maxcount.
    pfctl: Syntax error in config file: pf rules not loaded

PR:		235076
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18909
2019-01-28 08:36:10 +00:00
adjkerntz
bectl libbe(3): Change be_mount to mount/unmount child datasets 2019-01-10 03:27:20 +00:00
bsdlabel Move disktab to sbin/bsdlabel/ 2018-09-18 20:52:24 +00:00
camcontrol NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
ccdconfig ccdconfig: Move VCS tags to be more consistent with our style. 2017-12-30 00:26:42 +00:00
clri In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
comcontrol
conscontrol
ddb Move ddb.conf to sbin/ddb/ and switch to CONFS. 2018-08-11 13:25:39 +00:00
decryptcore Make decryptcore(8) buildable. 2018-09-19 07:07:03 +00:00
devd devd.conf(5): simplify regex 2019-01-27 15:29:58 +00:00
devfs Move all devfs related files to sbin/devfs/ 2018-08-22 15:55:23 +00:00
devmatch Add in a missing newline 2018-08-25 15:47:52 +00:00
dhclient capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
dmesg
dump Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
dumpfs The goal of this change is to prevent accidental foot shooting by 2018-02-08 23:06:58 +00:00
dumpon Avoid clobbering a user-specified -g value after r340547. 2018-11-20 18:10:56 +00:00
etherswitchcfg Finish removing FDDI and tokenring media support. 2018-04-23 21:10:33 +00:00
fdisk Allow fdisk(8) to deal with sectors larger than 2048 2018-10-25 12:13:13 +00:00
ffsinfo In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
fsck
fsck_ffs Fsck would find, report, and offer to fix inode check-hash failures. 2018-12-15 17:32:47 +00:00
fsck_msdosfs Detect and handle invalid number of FATs 2018-07-13 02:02:16 +00:00
fsdb In preparation for adding inode check-hashes, change the fsck_ffs 2018-10-31 05:17:53 +00:00
fsirand Continuing efforts to provide hardening of FFS. This change adds a 2018-12-11 22:14:37 +00:00
gbde
geom Add the "-t" option to geom(8) utility, to display geoms hierarchy. 2018-09-14 15:29:45 +00:00
ggate ggated: do not expose stack data in sendfail() 2018-12-04 15:25:15 +00:00
growfs Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
gvinum gvinum: revert WARNS change in Makefile 2018-06-17 01:39:22 +00:00
hastctl
hastd Revert 335888 ("Ensure va_list is declared by including stdarg.h.") 2018-07-03 15:48:34 +00:00
ifconfig ifconfig: drop unused macros from ifieee80211.c 2019-01-23 13:07:05 +00:00
init Move the rc framework out of sbin/init into libexec/rc. 2018-10-17 16:49:11 +00:00
ipf
ipfw Allow use underscores and dots in service names without escaping. 2018-12-21 10:41:45 +00:00
iscontrol
kldconfig
kldload
kldstat Allow three digits of module id without breaking table alignment. 2018-07-02 09:14:00 +00:00
kldunload
ldconfig Make ldconfig(8) atomic, by removing an unnecessary call to unlink(2) 2018-08-09 11:46:12 +00:00
md5 capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
mdconfig Use VOP_ADVISE() with POSIX_FADV_DONTNEED instead of IO_DIRECT to 2018-12-21 08:15:31 +00:00
mdmfs mdmfs(8): Check for other types of helper-program failure 2018-10-20 21:33:00 +00:00
mknod
mksnap_ffs
mount When getting mount information for all filesystems, mount uses the 2018-08-07 21:17:45 +00:00
mount_cd9660 Advise reader to also see mdconfig(8) in mount_cd9660(8). 2018-08-11 08:34:24 +00:00
mount_fusefs mount_fusefs.8: expand HISTORY section 2018-11-17 21:35:01 +00:00
mount_msdosfs mount_msdosfs: do not fail mounts requiring locale name conversion table 2018-10-27 16:41:34 +00:00
mount_nfs
mount_nullfs
mount_udf
mount_unionfs
nandfs
natd
newfs Update tunefs and newfs error messages for the -L (volume label) option 2019-01-26 22:27:12 +00:00
newfs_msdos Added option to cluster-align the start of the root directory. 2018-06-15 06:03:40 +00:00
newfs_nandfs
nfsiod
nos-tun
nvmecontrol Try the first 256 units with nvmecontrol devlist. 2018-12-21 23:22:37 +00:00
pfctl pfctl: Point users to net.pf.request_maxcount if large requests are rejected 2019-01-28 08:36:10 +00:00
pflogd
ping Use caph_enter_casper() in ping(8). 2018-12-18 16:47:03 +00:00
ping6
quotacheck Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
rcorder rcorder(8): add support for /etc/rc.resume, so it calls "rcorder -k resume" 2018-10-27 17:21:13 +00:00
reboot Fix "fasthalt" to halt instead of reboot 2018-09-14 18:12:30 +00:00
recoverdisk
resolvconf
restore Re-enable reading byte swapped NFS_MAGIC dumps. 2018-08-11 16:12:23 +00:00
route route(8): clarify -prefixlen description 2019-01-10 00:10:12 +00:00
routed When bind fails, make sure we closed the socket we tried to bind the 2017-12-28 05:34:24 +00:00
rtsol Capsicumize rtsol(8) and rtsold(8). 2019-01-05 16:05:39 +00:00
savecore Disable savecore(8)'s libcasper support when WITHOUT_DYNAMICROOT=yes. 2019-01-04 19:20:19 +00:00
sconfig
setkey
shutdown shutdown: Fix r327476 by adding init 2018-01-02 09:02:42 +00:00
spppcontrol
sunlabel
swapon
sysctl sysctl(8): Add a standard exit status section. 2018-09-24 20:46:45 +00:00
tests
tunefs Update tunefs and newfs error messages for the -L (volume label) option 2019-01-26 22:27:12 +00:00
umount umount: remove sync(2) call when used with -f 2018-09-13 13:57:42 +00:00
zfsbootcfg
Makefile Rename be(1) to bectl(8); continues to live in /sbin 2018-07-24 13:21:44 +00:00
Makefile.amd64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.arm
Makefile.i386 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.inc
Makefile.mips
Makefile.powerpc64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.sparc64