summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--share/man/man5/pf.conf.522
1 files changed, 21 insertions, 1 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index f3f69245f41..a01976b0816 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.322 2005/01/01 07:57:53 pascoe Exp $
+.\" $OpenBSD: pf.conf.5,v 1.323 2005/02/24 04:36:45 joel Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -1955,6 +1955,26 @@ pass in proto tcp from any to any \e
When the
.Ar source-track
keyword is specified, the number of states per source IP is tracked.
+.Pp
+.Bl -tag -width xxxx -compact
+.It Ar source-track rule
+The maximum number of states created by this rule is limited by the rule's
+.Ar max-src-nodes
+and
+.Ar max-src-state
+options.
+Only state entries created by this particular rule count toward the rule's
+limits.
+.It Ar source-track global
+The number of states created by all rules that use this option is limited.
+Each rule can specify different
+.Ar max-src-nodes
+and
+.Ar max-src-states
+options, however state entries created by any participating rule count towards
+each individual rule's limits.
+.El
+.Pp
The following limits can be set:
.Pp
.Bl -tag -width xxxx -compact