I don't know the answer to your question, but can tell you that there appears to be a bug in "set limit" parsing. It probably won't affect you on states, but just in case, here goes:

If I put this in a pf.conf:

    set limit table-entries 500000

and then try to load a table with more than the default number of entries, it pukes. If I instead make a special /etc/pf.set (name not significant) with just the set limit command, and then do this:

    /sbin/pfctl -f /etc/pf.set; /sbin/pfctl -f /etc/pf.conf

it works as I'd want. I assume this is because the tables are loaded before the limits are raised. Oops.

On Mon, Aug 23, 2010 at 01:08:50PM +0800, Earl Lapus wrote:
> Hi,
>
> I've set up the following rules in pf.conf
> ---
> set limit states 20000
> pass in from 192.168.56.100 to any keep state (max 30000)
> ---
>
> It loads perfectly fine. However, if you noticed, the max states value
> in the rule (30000) is greater than the hard limit (20000).
> So my question is: what is the distinction between the states count
> specified in `set limit states (n)` with the `max (n)` specified in a
> rule? Are they at all related?
>
> Cheers!
>
> --
> There are seven words in this sentence.
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[email protected]"

danno
--
dan pritts
[email protected]
734-929-9770
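As an added illustration (not code from either poster), a small Python lint over a constructed pf.conf that flags the two situations discussed in this thread: a rule whose per-rule `max` exceeds the global `set limit states` hard limit, and a `set limit table-entries` raise placed in the same file as the tables it is meant to cover. The regexes assume one limit per `set limit` line (no brace form) and the sample config and function names are this example's own.

```python
import re

# Constructed sample pf.conf reproducing both situations from the thread.
SAMPLE_PF_CONF = """\
set limit states 20000
set limit table-entries 500000
table <big> persist file "/etc/pf.big.table"
pass in from 192.168.56.100 to any keep state (max 30000)
pass in from 10.0.0.0/8 to any keep state (max 500)
block in from <big> to any
"""

LIMIT_RE = re.compile(r'^\s*set\s+limit\s+(\S+)\s+(\d+)')   # one limit per line
MAX_RE = re.compile(r'\bmax\s+(\d+)')                       # per-rule state cap
TABLE_RE = re.compile(r'^\s*table\s+<([^>]+)>')


def parse_limits(text):
    """Return {limit-name: value} for every 'set limit NAME N' line."""
    limits = {}
    for line in text.splitlines():
        m = LIMIT_RE.match(line)
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits


def check_rule_max(text):
    """Return [(line_no, max)] for rules whose 'max' exceeds 'set limit states'.
    'max' caps the states one rule may create; 'set limit states' caps the
    whole state pool, so a per-rule value above it can never be reached."""
    hard = parse_limits(text).get("states")
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("pass", "block", "match")):
            m = MAX_RE.search(line)
            if m and hard is not None and int(m.group(1)) > hard:
                hits.append((no, int(m.group(1))))
    return hits


def check_table_limit_ordering(text):
    """Return tables defined in a file that also raises table-entries: the
    poster reports such loads failing unless the limit is loaded first
    from a separate file (pfctl -f limits-file; pfctl -f pf.conf)."""
    if "table-entries" not in parse_limits(text):
        return []
    return [TABLE_RE.match(l).group(1) for l in text.splitlines() if TABLE_RE.match(l)]


if __name__ == "__main__":
    print(check_rule_max(SAMPLE_PF_CONF), check_table_limit_ordering(SAMPLE_PF_CONF))
```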
