summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
Diffstat (limited to 'share')
-rw-r--r--share/man/man5/pf.conf.515
1 files changed, 10 insertions, 5 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 7aec79bbc76..96889f60152 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.520 2012/07/10 17:22:52 jmc Exp $
+.\" $OpenBSD: pf.conf.5,v 1.521 2012/09/20 09:43:49 camield Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 10 2012 $
+.Dd $Mdocdate: September 20 2012 $
.Dt PF.CONF 5
.Os
.Sh NAME
@@ -1177,9 +1177,14 @@ to 20000:
.Dl set limit states 20000
.Pp
To set the maximum number of entries in the memory pool used for fragment
-reassembly to 20000:
+reassembly to 2000:
.Pp
-.Dl set limit frags 20000
+.Dl set limit frags 2000
+.Pp
+This maximum may not exceed, and should be well below, the maximum number
+of mbuf clusters
+.Pq sysctl kern.maxclusters
+in the system.
.Pp
To set the maximum number of entries in the memory pool used for tracking
source IP addresses (generated by the
@@ -1202,7 +1207,7 @@ in tables to 100000.
.Pp
Various limits can be combined on a single line:
.Bd -literal -offset indent
-set limit { states 20000, frags 20000, src-nodes 2000 }
+set limit { states 20000, frags 2000, src-nodes 2000 }
.Ed
.It Ar set loginterface
Enable collection of packet and byte count statistics for the given