pf state options
Dan Pritts
danno at umich.edu
Mon Aug 23 15:21:05 UTC 2010

I don't know the answer to your question, but can tell you that
there appears to be a bug in "set limit" parsing. It probably won't
affect you on states, but just in case, here goes:

If I put this in a pf.conf:

    set limit table-entries 500000

and then try to load a table with more than the default number
of entries, it pukes.

If I instead make a special /etc/pf.set (name not significant) with just
the set limit command, and then do this:

    /sbin/pfctl -f /etc/pf.set; /sbin/pfctl -f /etc/pf.conf

it works as I'd want.

I assume this is because the tables are loaded before the limits
are raised. Oops.

On Mon, Aug 23, 2010 at 01:08:50PM +0800, Earl Lapus wrote:
> Hi,
>
> I've set up the following rules in pf.conf
> ---
> set limit states 20000
> pass in from 192.168.56.100 to any keep state (max 30000)
> ---
>
> It loads perfectly fine. However, if you noticed, the max states value
> in the rule (30000) is greater than the hard limit (20000).
> So my question is: what is the distinction between the states count
> specified in `set limit states (n)` with the `max (n)` specified in a
> rule? Are they at all related?
>
> Cheers!
>
> --
> There are seven words in this sentence.
danno
--
dan pritts
danno at umich.edu
734-929-9770
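
The two-step load described in the message above, as an added example (not part of the original post and not code from the pf project): it copies the single-line "set limit" statements out of pf.conf into /etc/pf.set and loads that file before the full ruleset. The function names, the --show/--load switches and the PF_CONF/LIMITS_FILE overrides are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: stage pf "set limit" statements so they are loaded
# before the full ruleset, as in the workaround from the post.
# PF_CONF and LIMITS_FILE are assumed, overridable paths;
# /etc/pf.set is the file name used in the post.
PF_CONF="${PF_CONF:-/etc/pf.conf}"
LIMITS_FILE="${LIMITS_FILE:-/etc/pf.set}"

# Print every "set limit ..." statement found in the file given as $1.
# Comment lines are dropped, trailing "# ..." comments and leading
# whitespace are stripped. Both "set limit states 20000" and the
# braced list form are matched.
# Assumption: a statement is not continued across lines.
extract_limits() {
    sed -n \
        -e 's/[[:space:]]*#.*$//' \
        -e 's/^[[:space:]]*//' \
        -e '/^set[[:space:]][[:space:]]*limit[[:space:]]/p' "$1"
}

# Write the limits to LIMITS_FILE, load that file, then load PF_CONF.
# Stops with a non-zero status if the limit load fails, so the large
# tables are never loaded against the default limits.
load_in_order() {
    extract_limits "$PF_CONF" > "$LIMITS_FILE" || return 1
    if [ -s "$LIMITS_FILE" ]; then
        /sbin/pfctl -f "$LIMITS_FILE" || return 1
    fi
    /sbin/pfctl -f "$PF_CONF"
}

# --show prints what would be staged; --load performs both loads (needs root).
case "${1:-}" in
    --show) extract_limits "$PF_CONF" ;;
    --load) load_in_order ;;
esac
```

Running it with --show first lets you confirm which limits would be staged before anything is loaded.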