About pf.conf man page...
set timeout
    interval  Interval between purging expired states and fragments.
    frag      Seconds before an unassembled fragment is expired.
When a packet matches a stateful connection, the seconds to live for the connection will be updated to that of the proto.modifier which corresponds to the connection state. Each packet which matches this state will reset the TTL (*). Tuning these values may improve the performance of the firewall at the risk of dropping valid idle connections.
What does * mean?
TTL is Time To Live; it's the amount of time remaining before the state entry is expired.
.joel
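
An added illustration, not part of the original thread or of pf's source: a simplified Python model of the behaviour in the man page excerpt, where each matching packet resets the entry's remaining lifetime to the timeout for the current connection state. The timeout numbers, the sample flow, and the rule that only a tcp.first packet may create state are assumptions made for the demo.

```python
# Simplified model of a pf-style state table (illustration only, not pf code).
# Timeout values are sample numbers chosen for the demo, in seconds.
TIMEOUTS = {"tcp.first": 120, "tcp.established": 600, "tcp.closing": 60}
PURGE_INTERVAL = 10  # plays the role of "set timeout interval"


class StateTable:
    def __init__(self, timeouts, interval):
        self.timeouts = timeouts
        self.interval = interval
        self.states = {}      # flow key -> [modifier, expires_at]
        self.last_purge = 0

    def _maybe_purge(self, now):
        # Expired entries are only removed when the periodic purge runs.
        if now - self.last_purge >= self.interval:
            self.states = {k: v for k, v in self.states.items() if v[1] > now}
            self.last_purge = now

    def packet(self, now, key, modifier):
        """Packet for flow `key` arrives while the connection is in `modifier`."""
        self._maybe_purge(now)
        if key not in self.states and modifier != "tcp.first":
            return False  # state is gone: a valid but idle connection is dropped
        # Matching packet: TTL is reset to the full timeout of the current state.
        self.states[key] = [modifier, now + self.timeouts[modifier]]
        return True

    def ttl(self, now, key):
        """Seconds left before the entry expires, or None if there is no entry."""
        self._maybe_purge(now)
        entry = self.states.get(key)
        return None if entry is None else max(0, entry[1] - now)


def demo():
    table = StateTable(TIMEOUTS, PURGE_INTERVAL)
    conn = ("10.0.0.5", 40000, "192.0.2.10", 22)  # constructed sample flow
    seen = []
    table.packet(0, conn, "tcp.first")
    seen.append(table.ttl(0, conn))        # TTL taken from tcp.first
    table.packet(5, conn, "tcp.established")
    seen.append(table.ttl(5, conn))        # TTL switches to tcp.established
    seen.append(table.ttl(305, conn))      # counts down while the flow is idle
    table.packet(305, conn, "tcp.established")
    seen.append(table.ttl(305, conn))      # reset to the full value by one packet
    seen.append(table.packet(1000, conn, "tcp.established"))  # idle too long
    return seen


if __name__ == "__main__":
    print(demo())
```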
