From: jmc Date: Mon, 15 Apr 2024 14:06:52 +0000 (+0000) Subject: hint that the tcp timeout values can be adjusted collectively via X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=df80715c2d78094143cc9a35e5514926011558ad;p=openbsd hint that the tcp timeout values can be adjusted collectively via "set optimization"; from jesper wallin ok bluhm --- diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 657e99bf8cd..e8e34217bb6 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.601 2024/04/15 14:04:49 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.602 2024/04/15 14:06:52 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer @@ -1464,6 +1464,10 @@ which corresponds to the connection state. Each packet which matches this state will reset the TTL. Tuning these values may improve the performance of the firewall at the risk of dropping valid idle connections. +Alternatively, these values may be adjusted collectively +in a manner suitable for a specific environment using +.Cm set optimization +(see above). .Pp .Bl -tag -width Ds -compact .It Cm tcp.closed Pq 90 seconds by default