Bug #13408
closed
PF can fail to load a new ruleset
100%
Description
In some circumstances pfctl fails to load the rulset after it's updated. It shows errors like:
There were error(s) loading the rules: pfctl: pfctl_rules - The line in question reads [0]: @ 2022-08-04 19:43:08
The ruleset file, /tmp/rules.debug, appears correctly populated.
Trying to load the ruleset manually with verbose logging shows on the same error and not the expected rule list.
Trussing pfctl shows only that is cannot access pf to load the rules after boot:
ioctl(3,DIOCXBEGIN,0xbfbfd9d0) ERR#16 'Device busy'
Most users who have seen this have rebooted and loaded the ruleset successfully but not all.
This is not only immediately after upgrade where there may be components of the previous release still present.
We are seeing this in 22.05-rel but have previously seen similar errors in 2.7 snapshots
Updated by Kristof Provost about 2 years ago
- Status changed from New to Ready To Test
This will be fixed by https://cgit.freebsd.org/src/commit/?id=6ab80e7275091c900da8d2e84a7b0bb4c34a1e41
I've also merged it into devel-12 as b2f21e9050cd2748afc721ee8e41a5fcbf5973ed
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jim Pingle about 2 years ago
- Status changed from Ready To Test to Feedback
- Assignee set to Kristof Provost
- % Done changed from 0 to 100
Updated by Jim Pingle almost 2 years ago
- Subject changed from pfctl can fail to load a new ruleset. to PF can fail to load a new ruleset
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Resolved
I haven't seen this happen (or any reports of it happening) on snapshots since the fix went in.