diff options
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/pf.conf.5 | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 7aec79bbc76..96889f60152 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.520 2012/07/10 17:22:52 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.521 2012/09/20 09:43:49 camield Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 10 2012 $ +.Dd $Mdocdate: September 20 2012 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -1177,9 +1177,14 @@ to 20000: .Dl set limit states 20000 .Pp To set the maximum number of entries in the memory pool used for fragment -reassembly to 20000: +reassembly to 2000: .Pp -.Dl set limit frags 20000 +.Dl set limit frags 2000 +.Pp +This maximum may not exceed, and should be well below, the maximum number +of mbuf clusters +.Pq sysctl kern.maxclusters +in the system. .Pp To set the maximum number of entries in the memory pool used for tracking source IP addresses (generated by the @@ -1202,7 +1207,7 @@ in tables to 100000. .Pp Various limits can be combined on a single line: .Bd -literal -offset indent -set limit { states 20000, frags 20000, src-nodes 2000 } +set limit { states 20000, frags 2000, src-nodes 2000 } .Ed .It Ar set loginterface Enable collection of packet and byte count statistics for the given |