# pf.conf: NAT gateway for jails addressed on the loopback interface.
# Statement order follows pf's required sequence:
# macros, options, normalization, translation, filtering.

# --- macros ---------------------------------------------------------------
ext_if = "lagg0"                    # outward-facing interface
int_if = "lo0"                      # interface carrying the jail addresses
# Expands to every network configured on $int_if.
# NOTE(review): on lo0 that presumably includes 127.0.0.0/8 as well as the
# jail subnet - confirm this is intended.
internal_net = $int_if:network

# --- options --------------------------------------------------------------
# bigger state tables help erlang receive sockets faster
# https://blog.tyk.nu/blog/fun-with-freebsd-listen-queue-overflow/
set limit states 80000
set limit frags 20000
set limit src-nodes 20000
# Timeouts start shrinking at 60000 states and reach zero at 78000, so state
# entries are purged aggressively before the hard limit of 80000 is reached.
set timeout adaptive.start 60000
set timeout adaptive.end 78000

# --- normalization --------------------------------------------------------
# clean packets are happy packets
scrub in all

# --- translation ----------------------------------------------------------
# jails are allowed outbound connections but not inbound
# these should be set up explicitly using spiped or similar
#
# Only IPv4 tcp/udp/icmp sourced from $internal_net is translated. The
# parentheses around $ext_if make pf follow the interface's current address
# instead of fixing it when the ruleset is loaded.
# NOTE(review): nothing in this ruleset blocks inbound traffic. The "not
# inbound" property appears to rest on the absence of any rdr rule and on the
# jail addresses not being routable from outside - confirm.
nat on $ext_if inet proto { tcp, udp, icmp } from $internal_net to any -> ($ext_if)

# --- filtering ------------------------------------------------------------
# Everything is passed in both directions; pf is used here for NAT and
# scrubbing only, not as a packet filter.
# NOTE(review): any service the host itself binds on $ext_if is reachable by
# whatever can route to it. A default "block" policy with explicit pass rules
# would make the intended exposure auditable.
pass in all
pass out all