From nobody Wed Jun 25 20:04:41 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bSCTQ0Cx1z60SYQ; Wed, 25 Jun 2025 20:04:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bSCTP4pJWz3JR8; Wed, 25 Jun 2025 20:04:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750881881; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ax/naApQwRRnMt/pY1vRjQEq9bdKNxjqzxB+7dLOOx8=; b=A0VLcXZP50e9r9R34qa147WOUZyvuGlThBPNVyUDWsArx5+1I77JEEVCm8Vm2zXK2PlAli VeGaMf3DeurUXPMFtmHIfHN5QOaPlxawaXL377BjdTcijWXGrx1k9g/yG6Ve7lgmA/3kvE FGoZbzOVO3Py1+hbCuOwYGnzTk09EUU57+fLKey9sZA/Nn7eT5HXAx0XfJ5ozvR4FJXUmz NtYaws7/1tuqH1Ii6CIf5WxKK8y1MXeAASVMvehhrRuTwEZ6VaFzGzFGWfbncDJvYjbGJd MOqKR6UrhqNnIMJxT6DT5Q0y4QUua0aFdQ5iY2NutoRonn4HV2h+ABdVCLcGHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750881881; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ax/naApQwRRnMt/pY1vRjQEq9bdKNxjqzxB+7dLOOx8=; b=VAJ/9OJ7nDrkQEp3SXiw84ZR/BKsI91MhZKDxhmdbLDeqrfVHoKjinB+pnjhww/RcQyut9 o6YmtRpVK/+isZd49FQqxmbKATHzjCpMR1HOgt2qG+p/l3W9irysVheMhcl52tkXiDqtl9 OIxDnT2exCWYrn7tAfrIX5AoI6MH+KZAlp8II/PElDtoN/TgIHawJb4KRxTpBV/VOX6d7e 0i2+CEQBluVc540udHBw8d7S9OTY7hLlZ98P8w1i5Ko0ownxe2ZX0RgGunPdv/geb4e8qx y3vaEPdkeBAkAAEKmLQFzOsT9ZqiN+rivmyeeVWjDFEWhSinGTfow1ZY5Qm3Nw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750881881; a=rsa-sha256; cv=none; b=YFoRQdWBXWzIjHKR3UOLD4mEFP4pf0bLW91IIgQ12jvjEPhE4wDTNghJZfu9iSoRFVrsjY 5QA6+sLfT48YNNWGkgpZMkhoGMMyRtEfU5VDyg+4XUx9V91bCesJ57LxIJkUjXGA/kPEAv cSqiJgKgA2iMTVem8SozVw6risvkmjR8p6aJfWfylSgTXLgPfrVZX3jXrP0XiI4kN9Zpgk +q0KD8V3t5nbJBE4otrIFAsTe3dLDouIqebmDdLzoro2pItT196YLYTEvGMoUf2bcqgyqZ n2f7pv2D+9t9OTNcfmpq/o0xXKvhqmuIG3IJn27Qyw53CGUg4feB2YVp3HDGlw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bSCTP4H9LzXnV; Wed, 25 Jun 2025 20:04:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55PK4fdU080601; Wed, 25 Jun 2025 20:04:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55PK4fjJ080598; Wed, 25 Jun 2025 20:04:41 GMT (envelope-from git) Date: Wed, 25 Jun 2025 20:04:41 GMT Message-Id: <202506252004.55PK4fjJ080598@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: eb01c0dfe275 - main - pf.conf.5: tweak max-pkt-rate List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: eb01c0dfe27572247c64979f26d01ac11d3ff1bb Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=eb01c0dfe27572247c64979f26d01ac11d3ff1bb commit eb01c0dfe27572247c64979f26d01ac11d3ff1bb Author: Kristof Provost AuthorDate: 2025-06-17 09:19:16 +0000 Commit: Kristof Provost CommitDate: 2025-06-25 20:04:15 +0000 pf.conf.5: tweak max-pkt-rate Obtained from: OpenBSD, jmc , fbac9b3f44 Sponsored by: Rubicon Communications, LLC ("Netgate") --- share/man/man5/pf.conf.5 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 010096369c83..3bdba4958aea 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -2221,15 +2221,14 @@ Measure the rate of packets matching the rule and states created by it. When the specified rate is exceeded, the rule stops matching. Only packets in the direction in which the state was created are considered, so that typically requests are counted and replies are not. -For example: -.Pp -.Bd -literal -offset indent -compact +For example, +to pass up to 100 ICMP packets per 10 seconds: +.Bd -literal -offset indent block in proto icmp pass in proto icmp max-pkt-rate 100/10 .Ed .Pp -passes up to 100 icmp packets per 10 seconds. -When the rate is exceeded, all icmp is blocked until the rate falls below +When the rate is exceeded, all ICMP is blocked until the rate falls below 100 per 10 seconds again. .Pp .It Xo Ar queue Aq Ar queue