From owner-freebsd-pf@FreeBSD.ORG Mon Aug 23 05:33:03 2010 Return-Path: <owner-freebsd-pf@FreeBSD.ORG> Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 48DDA10656F4 for <freebsd-pf@freebsd.org>; Mon, 23 Aug 2010 05:33:03 +0000 (UTC) (envelope-from earl.lapus@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 1705B8FC19 for <freebsd-pf@freebsd.org>; Mon, 23 Aug 2010 05:33:02 +0000 (UTC) Received: by iwn36 with SMTP id 36so6164289iwn.13 for <freebsd-pf@freebsd.org>; Sun, 22 Aug 2010 22:33:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=dHryOeAFbktpx/A9LAiWAikGIphU8QhgABLqHwZqAfI=; b=GscUN0pkHzHZGug2Iqz/7/5RZAGnz1A+oKnBiOiENC9WX0zTp678ic1RkCizK1M7sB Hflj6faWbIUwiAMMmNtCzPqo/yvlpl4UUMHXwXM6w1r87VlwWk7dUo49hlYUrUoh+rYj OmjOAjIsnEHgXWvOEgOlxLzfLb3uV3Ki0Xu4M= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=aHHN2y5+zG1xNmQqpV9gQf1Bc+0hEogKFu5yZjYa1vXkEphr8I1rGPLcaWOYcebSpF 2B0lwvr/eY5sriH5zSSFBnpY3gvabIuOU/+0INRaMQd5nud503OUZRpThVWucPaa9DUz 20jLPcY4GiFu70zRVD1b6xN5T/XQS8W/3VpJY= MIME-Version: 1.0 Received: by 10.231.149.12 with SMTP id r12mr5945151ibv.185.1282540130105; Sun, 22 Aug 2010 22:08:50 -0700 (PDT) Received: by 10.231.115.212 with HTTP; Sun, 22 Aug 2010 22:08:50 -0700 (PDT) Date: Mon, 23 Aug 2010 13:08:50 +0800 Message-ID: <AANLkTinm-K68L64-j48sgUYwft+AU52njEeBAtHSxqS_@mail.gmail.com> From: Earl Lapus <earl.lapus@gmail.com> To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: pf state options X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" <freebsd-pf.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf> List-Post: <mailto:freebsd-pf@freebsd.org> List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 23 Aug 2010 05:33:03 -0000 Hi, I've setup the following rules in pf.conf --- set limit states 20000 pass in from 192.168.56.100 to any keep state (max 30000) --- It loads perfectly fine. However, if you noticed, the max states value in the rule (30000) is greater than the hard limit (20000). So my question is: what is the distinction between the states count specified in `set limit states (n)` with the `max (n)` specified in a rule? Are they at all related? Cheers! -- There are seven words in this sentence.