On Fri, Aug 28, 2015 at 10:34:01AM +0200, Federico Giannici wrote: > I'm trying to use the "max ???number???" option of the Stateful Tracking of > PF (OpenBSD 5.7 amd64). I'm not sure how to interpret the phrase "[it] > Limits the number of concurrent states the rule may create." > > The limit is against the number of states created by ONLY THAT specific rule > (I need this meaning), or is against the TOTAL number of states created in > that moment by ANY rule? > > Thanks for the clarification. >
the beginning of the section on stateful tracking options says clearly that the options "can be applied on a per-rule basis". as a reader, i'd expect that to mean that "max" concerns the number of states created only by that rule. if that's not correct, we would need to change the doc. jmc
