The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=17ac89e1dfc3b34658b5430ae860e88085876896
commit 17ac89e1dfc3b34658b5430ae860e88085876896
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-18 16:58:51 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-08-05 22:27:15 +0000
pf.conf.5: rework the text on mtu and mss
According to some notes from sthen;
ok sthen
Obtained from: OpenBSD, jmc <j...@openbsd.org>, 7f29e7e980
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
share/man/man5/pf.conf.5 | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 8954e872c231..1c40765f908a 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -27,7 +27,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 9, 2025
+.Dd July 18, 2025
.Dt PF.CONF 5
.Os
.Sh NAME
@@ -855,7 +855,15 @@ modifier to ensure unique IP identifiers.
.It Ar min-ttl Aq Ar number
Enforces a minimum TTL for matching IP packets.
.It Ar max-mss Aq Ar number
-Enforces a maximum MSS for matching TCP packets.
+Reduces the maximum segment size (MSS)
+on TCP SYN packets to be no greater than
+.Ar number .
+This is sometimes required in scenarios where the two endpoints
+of a TCP connection are not able to carry similar sized packets
+and the resulting mismatch can lead to packet fragmentation or loss.
+Note that setting the MSS this way can have undesirable effects,
+such as interfering with the OS detection features of
+.Xr pf 4 .
.It Xo Ar set-tos Aq Ar string
.No \*(Ba Aq Ar number
.Xc
