git: 293e4c54b536 - stable/14 - pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS

From: Alexander Ziaee <ziaee_at_FreeBSD.org>
Date: Fri, 04 Jul 2025 18:23:15 UTC
The branch stable/14 has been updated by ziaee:

URL: https://cgit.FreeBSD.org/src/commit/?id=293e4c54b5363394b5c70db4e5e32aca8e9b5094

commit 293e4c54b5363394b5c70db4e5e32aca8e9b5094
Author:     Alexander Ziaee <ziaee@FreeBSD.org>
AuthorDate: 2025-06-25 23:19:14 +0000
Commit:     Alexander Ziaee <ziaee@FreeBSD.org>
CommitDate: 2025-07-04 18:20:56 +0000

    pf.4/pfsync.4: Separate sysctl/tunables >> SYNOPSIS
    
    MFC after:              3 days
    Reviewed by:            kp
    Differential Revision:  https://reviews.freebsd.org/D50856
    
    (cherry picked from commit dca2ab32e831dd5cedab182da8c5c51aaa828967)
---
 share/man/man4/pf.4     | 37 ++++++++++++++++++++++++++++++++++---
 share/man/man4/pfsync.4 | 30 ++++++++++++++++++++++++------
 2 files changed, 58 insertions(+), 9 deletions(-)

diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4
index cd87b98ea45d..e0526552507c 100644
--- a/share/man/man4/pf.4
+++ b/share/man/man4/pf.4
@@ -35,6 +35,19 @@
 .Sh SYNOPSIS
 .Cd "device pf"
 .Cd "options PF_DEFAULT_TO_DROP"
+.Pp
+In
+.Xr loader.conf 5 :
+.Cd net.pf.states_hashsize
+.Cd net.pf.source_nodes_hashsize
+.Cd net.pf.rule_tag_hashsize
+.Cd net.pf.udpendpoint_hashsize
+.Cd net.pf.default_to_drop
+.Pp
+In
+.Xr sysctl.conf 5 :
+.Cd net.pf.request_maxcount
+.Cd net.pf.filter_local
 .Sh DESCRIPTION
 Packet filtering takes place in the kernel.
 A pseudo-device,
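Review bot: In the sysctl.conf(5) group of the new SYNOPSIS, net.pf.request_maxcount is listed before net.pf.filter_local, while the SYSCTL VARIABLES list added later in this file documents net.pf.filter_local first. Use one order in both places (alphabetical, as in the tag list) so a reader can go from the SYNOPSIS to the descriptions without hunting.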
@@ -74,10 +87,28 @@ separated by
 characters, similar to how file system hierarchies are laid out.
 The final component of the anchor path is the anchor under which
 operations will be performed.
-.Sh SYSCTL VARIABLES AND LOADER TUNABLES
-The following
+.Sh SYSCTL VARIABLES
+The following variables can be entered at the
+.Xr loader 8
+prompt, set in
+.Xr loader.conf 5 ,
+.Xr sysctl.conf 5 ,
+or changed at runtime with
+.Xr sysctl 8 :
+.Bl -tag -width indent
+.It Va net.pf.filter_local
+This tells
+.Nm
+to also filter on the loopback output hook.
+This is typically used to allow redirect rules to adjust the source address.
+.It Va net.pf.request_maxcount
+The maximum number of items in a single ioctl call.
+.El
+.Sh LOADER TUNABLES
+The following tunables can be entered at the
 .Xr loader 8
-tunables are available.
+prompt, or set in
+.Xr loader.conf 5 :
 .Bl -tag -width indent
 .It Va net.pf.states_hashsize
 Size of hash tables that store states.
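Review bot: The intro of the new SYSCTL VARIABLES section says these variables can be entered at the loader(8) prompt and set in loader.conf(5), but the SYNOPSIS added earlier in this file lists net.pf.filter_local and net.pf.request_maxcount only under sysctl.conf(5). Either confirm that both are settable from the loader and keep the two places consistent, or drop the loader wording here. The two new .It entries also give no default value, unlike net.pfsync.carp_demotion_factor in pfsync.4 ("Default value is 240."); for net.pf.filter_local, which changes which hooks pf filters on, the default is worth stating.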
diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4
index b4b96ee133bf..46d239d421c0 100644
--- a/share/man/man4/pfsync.4
+++ b/share/man/man4/pfsync.4
@@ -32,6 +32,14 @@
 .Nd packet filter state table sychronisation interface
 .Sh SYNOPSIS
 .Cd "device pfsync"
+.Pp
+In
+.Xr loader.conf 5 :
+.Cd net.pfsync.pfsync_buckets
+.Pp
+In
+.Xr sysctl.conf 5 :
+.Cd net.pfsync.carp_demotion_factor
 .Sh DESCRIPTION
 The
 .Nm
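Review bot: The .Nd context line directly above this SYNOPSIS addition reads "sychronisation", which is misspelled. Since the commit already edits this part of the page, correct it to "synchronisation" here or in a follow-up change.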
@@ -155,12 +163,14 @@ Compatibility with FreeBSD 13.1 has been verified.
 .It Cm 1400
 FreeBSD release 14.0.
 .El
-.Pp
-.Nm
-has the following
-.Xr sysctl 8
-tunables:
-.Bl -tag -width ".Va net.pfsync"
+.Sh SYSCTL VARIABLES
+The following variables can be entered at the
+.Xr loader 8
+prompt, set in
+.Xr loader.conf 5 ,
+or changed at runtime with
+.Xr sysctl 8 :
+.Bl -tag -width indent
 .It Va net.pfsync.carp_demotion_factor
 Value added to
 .Va net.inet.carp.demotion
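Review bot: The intro sentence of the new SYSCTL VARIABLES section omits sysctl.conf(5): it goes from ".Xr loader.conf 5 ," straight to "or changed at runtime with", whereas the matching section in pf.4 includes ".Xr sysctl.conf 5 ," and this page's own SYNOPSIS places net.pfsync.carp_demotion_factor under sysctl.conf(5). Add the ".Xr sysctl.conf 5 ," line after loader.conf so the two pages agree.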
@@ -171,6 +181,14 @@ See
 .Xr carp 4
 for more information.
 Default value is 240.
+.El
+.Sh LOADER TUNABLES
+The following tunable may be set in
+.Xr loader.conf 5
+or at the
+.Xr loader 8
+prompt:
+.Bl -tag -width indent
 .It Va net.pfsync.pfsync_buckets
 The number of
 .Nm
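Review bot: The LOADER TUNABLES intro added here is worded differently from the one added to pf.4: that page says "can be entered at the loader(8) prompt, or set in loader.conf(5)", this one says "may be set in loader.conf(5) or at the loader(8) prompt". Pick one phrasing and use it in both pages so the sections read as the same boilerplate.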