Hello,
I'm sorry about it. The message is bogus and can be ignored. It is caused by
pfctl(8) arming an atexit(3) handler to restore limits when it opens /dev/pf
for writing. The diff below makes pfctl(8) arm the atexit(3) handler to restore
limits if and only if those limits get changed.
Let me know if the diff below works for you.
thanks and
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 96f7b9dac06..517bc4b861c 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1935,6 +1935,7 @@ int
pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit)
{
struct pfioc_limit pl;
+ static int restore_limit_handler_armed = 0;
memset(&pl, 0, sizeof(pl));
pl.index = index;
@@ -1947,6 +1948,9 @@ pfctl_load_limit(struct pfctl *pf, unsigned int index,
unsigned int limit)
warnx("Cannot set %s limit to %u",
pf_limits[index].name, limit);
return (1);
+ } else if (restore_limit_handler_armed == 0) {
+ atexit(pfctl_restore_limits);
+ restore_limit_handler_armed = 1;
}
return (0);
}
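Review bot: The added `else if` branch in pfctl_load_limit() ignores the return value of atexit(3) and sets `restore_limit_handler_armed = 1` regardless, so if registration fails the changed pf limits are never restored at exit and later calls will not retry. Setting the flag only on success would cover this: `if (atexit(pfctl_restore_limits) == 0) restore_limit_handler_armed = 1;`, with a `warnx()` on the failure path so the operator knows the limits may stay modified. The `if` this branch hangs off opens outside the hunk, and its block appears to end in `return (1);`, so a plain `if (restore_limit_handler_armed == 0)` after the closing brace would read more clearly than `else if`. A short comment on the static flag, such as `/* arm the restore handler once, after the first successful limit change */`, would also help the next reader.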
@@ -2781,7 +2785,6 @@ main(int argc, char *argv[])
if (dev == -1)
err(1, "%s", pf_device);
pfctl_read_limits(dev);
- atexit(pfctl_restore_limits);
} else {
dev = open(pf_device, O_RDONLY);
if (dev >= 0) {