mirror of
https://github.com/opnsense/src.git
synced 2026-06-12 18:20:49 -04:00
pf.conf.5: document limit-item "anchors"; from martin vahlensieck
while here, rework the "set limit" section:
- use a simple list
- add some missing defaults and limit-item
mbuhl helped fill in some of the blanks
ok kn
Obtained from: OpenBSD, jmc <jmc@openbsd.org>, 4fbb390c4b
Sponsored by: Rubicon Communications, LLC ("Netgate")
parent
029532e77b
commit
d8761e109d
1 changed files with 24 additions and 37 deletions
|
|
@ -27,7 +27,7 @@
|
|||
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd July 18, 2025
|
||||
.Dd July 30, 2025
|
||||
.Dt PF.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -392,50 +392,37 @@ See
|
|||
.Xr zone 9
|
||||
for an explanation of memory pools.
|
||||
.Pp
|
||||
For example,
|
||||
.Bd -literal -offset indent
|
||||
set limit states 20000
|
||||
.Ed
|
||||
.Pp
|
||||
sets the maximum number of entries in the memory pool used by state table
|
||||
entries (generated by
|
||||
Limits can be set on the following:
|
||||
.Bl -tag -width pktdelay_pkts
|
||||
.It Cm states
|
||||
Set the maximum number of entries in the memory pool used by state table
|
||||
entries (those generated by
|
||||
.Ar pass
|
||||
rules which do not specify
|
||||
.Ar no state )
|
||||
to 20000.
|
||||
Using
|
||||
.Bd -literal -offset indent
|
||||
set limit frags 20000
|
||||
.Ed
|
||||
.Pp
|
||||
sets the maximum number of entries in the memory pool used for fragment
|
||||
reassembly (generated by the
|
||||
.Ar set reassemble
|
||||
option or
|
||||
.Ar scrub
|
||||
rules) to 20000.
|
||||
Using
|
||||
.Bd -literal -offset indent
|
||||
set limit src-nodes 2000
|
||||
.Ed
|
||||
.Pp
|
||||
sets the maximum number of entries in the memory pool used for tracking
|
||||
.Cm no state ) .
|
||||
The default is 100000.
|
||||
.It Cm src-nodes
|
||||
Set the maximum number of entries in the memory pool used for tracking
|
||||
source IP addresses (generated by the
|
||||
.Ar sticky-address
|
||||
and
|
||||
.Ar src.track
|
||||
options) to 2000.
|
||||
Using
|
||||
.Bd -literal -offset indent
|
||||
set limit table-entries 100000
|
||||
.Ed
|
||||
options).
|
||||
The default is 10000.
|
||||
.It Cm table-entries
|
||||
Set the number of addresses that can be stored in tables.
|
||||
The default is 200000.
|
||||
.It Cm anchors
|
||||
Set the number of anchors that can exist.
|
||||
The default is 512.
|
||||
.It Cm eth-anchors
|
||||
Set the number of anchors that can exist.
|
||||
The default is 512.
|
||||
.El
|
||||
.Pp
|
||||
sets the limit on the overall number of addresses that can be stored
|
||||
in tables to 100000.
|
||||
.Pp
|
||||
Various limits can be combined on a single line:
|
||||
Multiple limits can be combined on a single line:
|
||||
.Bd -literal -offset indent
|
||||
set limit { states 20000, frags 20000, src-nodes 2000 }
|
||||
set limit { states 20000, frags 2000, src-nodes 2000 }
|
||||
.Ed
|
||||
.It Ar set ruleset-optimization
|
||||
.Bl -tag -width xxxxxxxx -compact
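Review bot: the new ".It Cm eth-anchors" entry repeats the "anchors" description word for word ("Set the number of anchors that can exist."), so the two items read as the same limit; the eth-anchors text should say it counts Ethernet anchors. The reworked list also has no ".It Cm frags" entry: the old frags paragraph is gone, yet the combined example still sets "frags 2000", which leaves that limit and its default undocumented in this section. Two smaller points to confirm: the list is opened with "-width pktdelay_pkts" although no item of that name appears in it, and the example's frags value drops from 20000 to 2000 without a mention in the commit message.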