PF pfctl: warning: namespace collisions with <x> global tables.

I have some anchors that are enabled / disabled based on the time of day / day of week etc. via a crontab entry. In order to prevent pfctl from being invoked concurrently, I use lockf with a fixed file.

I believe a single instance of pfctl is being invoked at any given time. Previously, before I had lockf in place, I would get pfctl errors when my cron jobs ran. That problem has disappeared after using lockf.

That said, I had only started seeing this issue once I moved more rules to anchors earlier this week. I wanted to move more rules to anchors so that I could effectively change most of the firewall while not bringing it down or impacting the entire firewall.

The change I made earlier this week was specifically adding more block anchors, block ips, blocked devices, etc. I added 4 anchors bringing my total # of anchors to 42.

I declare my tables first and if they're persistent, load them as well, followed by declaring my anchors and loading them if they're static.

That said, the anchor in question has 1 global table, which is declared prior to the anchor. Why is it complaining about the tables?

To resolve this, I could move the tables into the anchor because in this case, this anchor is the only place it is used, and from a memory standpoint, it'd be more efficient since those tables would be freed up when they're not in use.

But, since I'm not redeclaring the tables in the anchor, why is it complaining? I'm just referring to them in the anchor.

Example:

table <blocked_devices> persist file "/usr/local/etc/firewall/table/blocked_devices.generated"
anchor e_00_block
load anchor e_00_block from "/usr/local/etc/firewall/anchor/external/e.00.block"

block log (to pflog1) quick from <blocked_devices>
block log (to pflog1) quick to <blocked_devices>

This is a snippet.