diff options
-rw-r--r-- | share/man/man5/pf.conf.5 | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index f3f69245f41..a01976b0816 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.322 2005/01/01 07:57:53 pascoe Exp $ +.\" $OpenBSD: pf.conf.5,v 1.323 2005/02/24 04:36:45 joel Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -1955,6 +1955,26 @@ pass in proto tcp from any to any \e When the .Ar source-track keyword is specified, the number of states per source IP is tracked. +.Pp +.Bl -tag -width xxxx -compact +.It Ar source-track rule +The maximum number of states created by this rule is limited by the rule's +.Ar max-src-nodes +and +.Ar max-src-state +options. +Only state entries created by this particular rule count toward the rule's +limits. +.It Ar source-track global +The number of states created by all rules that use this option is limited. +Each rule can specify different +.Ar max-src-nodes +and +.Ar max-src-states +options, however state entries created by any participating rule count towards +each individual rule's limits. +.El +.Pp The following limits can be set: .Pp .Bl -tag -width xxxx -compact |