Bug #16893
pfBlockerNG can create inconsistency in default Firewall Maximum Table Entries value
Description
Steps to reproduce:
1) set Firewall Maximum Table Entries value to none, thus setting it to a default value;
2) install pfBlockerNG - it sets 2000000 (2 mil) Firewall Maximum Table Entries value on install;
3) uninstall pfBlockerNG - it keeps 2000000 (2 mil) Firewall Maximum Table Entries value;
4) set Firewall Maximum Table Entries value to none. Default value keeps being 2000000 (2 mil);
5) reboot the firewall. Default value resets to the amount it was before pfBlockerNG was installed.
pfctl -sm confirms the Default value still being increased after the package uninstall.
pfctl -sm
states hard limit 805000
src-nodes hard limit 805000
frags hard limit 5000
table-entries hard limit 2000000
anchors hard limit 512
eth-anchors hard limit 0
Screenshots of the WebGUI attached
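One way to script the `pfctl -sm` check from this report, as an added example (not pfSense or pfBlockerNG code): it parses the limits output and flags a running table-entries limit that differs from the value the operator expects. The function names and the expected-limit argument are assumptions; the sample input is the output quoted in the report.

```shell
#!/bin/sh
# Added example: flag drift between the expected table-entries limit and
# the limit pf is enforcing, by parsing `pfctl -sm` output.

# Value pfBlockerNG sets on install, per the report above.
PFB_TABLE_ENTRIES=2000000

# Read `pfctl -sm` output on stdin; print the table-entries hard limit.
# Exits non-zero if the line is missing or its value is not numeric.
table_entries_limit() {
    awk '$1 == "table-entries" && $2 == "hard" && $3 == "limit" &&
         $4 ~ /^[0-9]+$/ { print $4; found = 1; exit }
         END { exit !found }'
}

# $1 = limit the operator expects (hypothetical parameter; the report does
# not state the pre-install default). stdin = `pfctl -sm` output.
# Prints one verdict line. Returns 0 on match, 1 on drift, 2 on parse error.
check_table_limit() {
    expected=$1
    running=$(table_entries_limit) || { echo "error: no table-entries line"; return 2; }
    if [ "$running" -eq "$expected" ]; then
        echo "ok: table-entries=$running"
        return 0
    fi
    if [ "$running" -eq "$PFB_TABLE_ENTRIES" ]; then
        echo "drift: running=$running expected=$expected (matches pfBlockerNG install value)"
    else
        echo "drift: running=$running expected=$expected"
    fi
    return 1
}

# Sample input: the pfctl -sm output quoted in the report.
SAMPLE='states hard limit 805000
src-nodes hard limit 805000
frags hard limit 5000
table-entries hard limit 2000000
anchors hard limit 512
eth-anchors hard limit 0'

# Offline demo; on the firewall use: pfctl -sm | check_table_limit <expected>
printf '%s\n' "$SAMPLE" | check_table_limit "$PFB_TABLE_ENTRIES"
```

A non-zero return after the package has been removed and the GUI field cleared means the running ruleset still carries the old limit until the next reboot, as step 5 describes.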
Updated by Lev Prokofev 1 day ago
- Status changed from New to Confirmed
I can confirm this, tested on:
26.11-DEVELOPMENT (amd64) built on Fri Jun 5 19:29:00 UTC 2026 FreeBSD 16.0-CURRENT