pf: Initialize the table entry zone limit at initialization time
    
    The limit may later be updated by the "set limit" directive in pf.conf.
    UMA does not permit a limit to be set on a zone after any items have
    been allocated from a zone.
    
    Other UMA zones used by pf do not appear to be susceptible to this
    problem: they either set a limit at zone creation time or never set one
    at all.
    
    PR:             260406
    Reviewed by:    kp
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 7d1ab866911a2b29e041d64bc83a93638533f957)
--- sys/netpfil/pf/pf_table.c.orig
+++ sys/netpfil/pf/pf_table.c
@@ -210,6 +210,7 @@
 	V_pfr_kentry_z = uma_zcreate("pf table entries",
 	    sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR,
 	    0);
+	uma_zone_set_max(V_pfr_kentry_z, PFR_KENTRY_HIWAT);
 	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z;
 	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT;
 }