[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

set timeout and TTL

About pf.conf man page...
set timeout
           interval  Interval between purging expired states and fragments.
           frag       Seconds before an unassembled fragment is expired.
           When a packet matches a stateful connection, the seconds to live
           for the connection will be updated to that of the proto.modifier
           which corresponds to the connection state.  Each packet which
           matches this state will reset the TTL (*).  Tuning these values may
	   improve the performance of the firewall at the risk of dropping valid
           idle connections.
What does * means ?