From df80715c2d78094143cc9a35e5514926011558ad Mon Sep 17 00:00:00 2001 From: jmc Date: Mon, 15 Apr 2024 14:06:52 +0000 Subject: [PATCH] hint that the tcp timeout values can be adjusted collectively via "set optimization"; from jesper wallin ok bluhm --- share/man/man5/pf.conf.5 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 657e99bf8cd..e8e34217bb6 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.601 2024/04/15 14:04:49 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.602 2024/04/15 14:06:52 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer @@ -1464,6 +1464,10 @@ which corresponds to the connection state. Each packet which matches this state will reset the TTL. Tuning these values may improve the performance of the firewall at the risk of dropping valid idle connections. +Alternatively, these values may be adjusted collectively +in a manner suitable for a specific environment using +.Cm set optimization +(see above). .Pp .Bl -tag -width Ds -compact .It Cm tcp.closed Pq 90 seconds by default -- 2.20.1