The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d8761e109d4d562bf119a4b7d04f92e5e0ad885e
commit d8761e109d4d562bf119a4b7d04f92e5e0ad885e Author: Kristof Provost <k...@freebsd.org> AuthorDate: 2025-07-30 15:32:34 +0000 Commit: Kristof Provost <k...@freebsd.org> CommitDate: 2025-08-05 22:27:15 +0000 pf.conf.5: document limit-item "anchors"; from martin vahlensieck while here, rework the "set limit" section: - use a simple list - add some missing defaults and limit-item mbuhl helped fill in some of the blanks ok kn Obtained from: OpenBSD, jmc <j...@openbsd.org>, 4fbb390c4b Sponsored by: Rubicon Communications, LLC ("Netgate") --- share/man/man5/pf.conf.5 | 61 +++++++++++++++++++----------------------------- 1 file changed, 24 insertions(+), 37 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 1c40765f908a..a9ae823257a4 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 18, 2025 +.Dd July 30, 2025 .Dt PF.CONF 5 .Os .Sh NAME 
@@ -392,50 +392,37 @@ See .Xr zone 9 for an explanation of memory pools. .Pp -For example, -.Bd -literal -offset indent -set limit states 20000 -.Ed -.Pp -sets the maximum number of entries in the memory pool used by state table -entries (generated by +Limits can be set on the following: +.Bl -tag -width pktdelay_pkts +.It Cm states +Set the maximum number of entries in the memory pool used by state table +entries (those generated by .Ar pass rules which do not specify -.Ar no state ) -to 20000. -Using -.Bd -literal -offset indent -set limit frags 20000 -.Ed -.Pp -sets the maximum number of entries in the memory pool used for fragment -reassembly (generated by the -.Ar set reassemble -option or -.Ar scrub -rules) to 20000. -Using -.Bd -literal -offset indent -set limit src-nodes 2000 -.Ed -.Pp -sets the maximum number of entries in the memory pool used for tracking +.Cm no state ) . +The default is 100000. +.It Cm src-nodes +Set the maximum number of entries in the memory pool used for tracking source IP addresses (generated by the .Ar sticky-address and .Ar src.track -options) to 2000. -Using -.Bd -literal -offset indent -set limit table-entries 100000 -.Ed -.Pp -sets the limit on the overall number of addresses that can be stored -in tables to 100000. +options). +The default is 10000. +.It Cm table-entries +Set the number of addresses that can be stored in tables. +The default is 200000. +.It Cm anchors +Set the number of anchors that can exist. +The default is 512. +.It Cm eth-anchors +Set the number of anchors that can exist. +The default is 512. +.El .Pp -Various limits can be combined on a single line: +Multiple limits can be combined on a single line: .Bd -literal -offset indent -set limit { states 20000, frags 20000, src-nodes 2000 } +set limit { states 20000, frags 2000, src-nodes 2000 } .Ed .It Ar set ruleset-optimization .Bl -tag -width xxxxxxxx -compact
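Review bot: the `frags` limit item disappears from the documentation in this hunk. The removed paragraph described `set limit frags 20000` for the fragment reassembly pool (set reassemble / scrub), but the new tagged list has entries only for `states`, `src-nodes`, `table-entries`, `anchors` and `eth-anchors`, while the combined example at the end of the same hunk still uses `frags 2000`. Add an `.It Cm frags` entry (with its default, as the other entries have) so the example does not refer to an item the section no longer documents. Second, the `.It Cm eth-anchors` entry is a verbatim copy of the `anchors` entry ("Set the number of anchors that can exist. The default is 512."); it should say Ethernet anchors so the two items are distinguishable. Minor: `.Bl -tag -width pktdelay_pkts` sizes the tag column on a `pktdelay_pkts` item that is not in this list; it happens to be the same width as `table-entries`, but using the longest tag actually present avoids a stale reference if the list changes again.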