On 2025/10/24 16:42, Ross L Richardson wrote:
> >Synopsis: pfctl -t tbl -T test addr_not_in_tbl gives errors
> >Category: system
> >Environment:
>     System      : OpenBSD 7.8
>     Details     : OpenBSD 7.8-current (GENERIC.MP) #10: Sun Oct 19 11:22:03 AEDT 2025
>                   [email protected]:/sys/arch/amd64/compile/GENERIC.MP
>
>     Architecture: OpenBSD.amd64
>     Machine     : amd64
> >Description:
>     On 7.8 and -current (on all amd64 hosts tried),
>     "pfctl -t example -T test addr_not_in_example" results in errors:
>         0/1 addresses match.
>         pfctl: DIOCSETLIMIT (states): Permission denied
>         pfctl: DIOCSETLIMIT (src-nodes): Permission denied
>         pfctl: DIOCSETLIMIT (frags): Permission denied
>         pfctl: DIOCSETLIMIT (tables): Permission denied
>         pfctl: DIOCSETLIMIT (table-entries): Permission denied
>         pfctl: DIOCSETLIMIT (pktdelay-pkts): Permission denied
>         pfctl: DIOCSETLIMIT (anchors): Permission denied
> >How-To-Repeat:
>     # pfctl -t example -T test addr_not_in_example

This was introduced with the "The current way to adjust pf(4) limits in pf.conf(5) is inconvenient" commit of 2025/05/22.
