diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-02-04 11:09:34 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-02-04 11:09:34 +0000 |
| commit | d9de5f2226d703d4c80ab409ee4952a65f926a38 (patch) | |
| tree | cc73eac3a0fd88b93327b14141dee223dd5b36f1 /share/man | |
| parent | 6b28b17d585d454ea87dd8758d18e8ff12486e1f (diff) | |
Document 'set limit src-nodes'
Diffstat (limited to 'share/man')
| -rw-r--r-- | share/man/man5/pf.conf.5 | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 039b4548963..60dfd88cb99 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.289 2004/01/06 09:28:00 cedric Exp $ +.\" $OpenBSD: pf.conf.5,v 1.290 2004/02/04 11:09:33 mcbride Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -369,10 +369,21 @@ sets the maximum number of entries in the memory pool used for fragment reassembly (generated by .Ar scrub rules) to 20000. +Finally, +.Bd -literal -offset indent +set limit src-nodes 2000 +.Ed +.Pp +sets the maximum number of entries in the memory pool used for tracking +source ip addresses (generated by the +.Ar sticky-address +and +.Ar source-tracking +options) to 2000. .Pp These can be combined: .Bd -literal -offset indent -set limit { states 20000, frags 20000 } +set limit { states 20000, frags 20000, src-nodes 2000 } .Ed .Pp .It Ar set optimization @@ -2562,7 +2573,7 @@ timeout = ( "tcp.first" | "tcp.opening" | "tcp.established" | "adaptive.start" | "adaptive.end" ) number limit-list = limit-item [ [ "," ] limit-list ] -limit-item = ( "states" | "frags" ) number +limit-item = ( "states" | "frags" | "src-nodes" ) number pooltype = ( "bitmask" | "random" | "source-hash" [ ( hex-key | string-key ) ] | |