git: 0a67f601fe4f - main - pf.conf.5: hint how to set tcp timeout collectively
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 15 Sep 2025 11:54:23 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=0a67f601fe4f2e8af72cb0f99785cba4c91f7d7c
commit 0a67f601fe4f2e8af72cb0f99785cba4c91f7d7c
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-08-20 14:34:33 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-09-15 09:32:34 +0000
    pf.conf.5: hint how to set tcp timeout collectively
    
    Hint that the tcp timeout values can be adjusted collectively via "set
    optimization".
    
    from jesper wallin
    ok bluhm
    
    Obtained from:  OpenBSD, jmc <jmc@openbsd.org>, df80715c2d
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 share/man/man5/pf.conf.5 | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 271a83a89ee5..edaa160dddf2 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -267,6 +267,10 @@ which corresponds to the connection state.
 Each packet which matches this state will reset the TTL.
 Tuning these values may improve the performance of the
 firewall at the risk of dropping valid idle connections.
+Alternatively, these values may be adjusted collectively
+in a manner suitable for a specific environment using
+.Cm set optimization
+(see above).
 .Pp
 .Bl -tag -width xxxx -compact
 .It Ar tcp.first