From f50df3d70f76d94947369d017d33e04cb83f6c5c Mon Sep 17 00:00:00 2001 From: Ryan Thomas McBride Date: Tue, 10 Jun 2008 20:55:03 +0000 Subject: Make counters on table addresses optional and disabled by default. Use the 'counters' table option in pf.conf if you actually need them. If enabled, memory is not allocated until packets match an address. This saves about 40% memory if counters are not being used, and paves the way for some more significant cleanups coming soon. ok henning mpf deraadt --- share/man/man5/pf.conf.5 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'share/man/man5') diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 2212333e107..4b3f03dd8ff 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.400 2008/06/10 16:52:10 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.401 2008/06/10 20:55:01 mcbride Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -183,6 +183,11 @@ can be used to add or remove addresses from the table at any time, even when running with .Xr securelevel 7 = 2. +.It Ar counters +The +.Ar counters +flag enables per-address packet and byte counters which can be displayed with +.Xr pfctl 8 . .El .Pp For example, @@ -2864,7 +2869,7 @@ antispoof-rule = "antispoof" [ "log" ] [ "quick" ] table-rule = "table" "\*(Lt" string "\*(Gt" [ tableopts-list ] tableopts-list = tableopts-list tableopts | tableopts -tableopts = "persist" | "const" | "file" string | +tableopts = "persist" | "const" | "counters" | "file" string | "{" [ tableaddr-list ] "}" tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ] -- cgit v1.2.3