Source and state limiters introduced in pf
by from OpenBSD Journal on (#71DNF)
David Gwynne (dlg@) hasintroducedsource and state limiters,which provide a massive increase in the flexibilyof pf traffic limiting:
CVSROOT:/cvsModule name:srcChanges by:dlg@cvs.openbsd.org2025/11/10 21:06:20Modified files:sbin/pfctl : parse.y pfctl.8 pfctl.c pfctl_parser.c pfctl_parser.h share/man/man5 : pf.conf.5 sys/net : pf.c pf_ioctl.c pf_table.c pfvar.h pfvar_priv.h Log message:introduce source and state limiters in pf.both source and state limiters can provide constraints on the numberof states that a set of rules can create, and optionally the rateat which they are created. state limiters have a single limit, butsource limiters apply limits against a source address (or network).the source address entries are dynamically created and destroyed,and are also limited.